[an error occurred while processing this directive] [an error occurred while processing this directive]

Verifying That IP Source Guard Is Working Correctly

Purpose

Verify that IP source guard is enabled and is mitigating the effects of any source IP spoofing attacks on the EX-series switch.

Action

Display the IP source guard database.


user@switch> show ip-source-guard 
IP source guard information:
Interface    Tag  IP Address   MAC Address        VLAN

ge-0/0/12.0  0    10.10.10.7   00:30:48:92:A5:9D  vlan100 

ge-0/0/13.0  0    10.10.10.9   00:30:48:8D:01:3D  vlan100

ge—0/0/13.0  100  *            *                  voice

Meaning

The IP source guard database table contains the VLANs enabled for IP source guard, the untrusted access interfaces on those VLANs, the VLAN 802.1Q tag IDs if there are any, and the IP addresses and MAC addresses that are bound to one another. If a switch interface is associated with multiple VLANs and some of those VLANs are enabled for IP source guard and others are not, the VLANs that are not enabled for IP source guard have a star (*) in the IP Address and MAC Address fields. See the entry for the voice VLAN in the preceding sample output.

[an error occurred while processing this directive]