The run show ip-source-guard binding command shows the IP source guard binding entries.
Command Syntax
run show ip-source-guard binding [interface <interface-name>]
Parameter
Parameter | Description |
interface <interface-name> | Optional. Specifies an interface name that enabled IP source guard. The value could be a physical port. |
Example
View the IP source guard binding entries.
admin@PICOS# run show ip-source-guard binding Total ipsg host count: 5 Mac-Address Ip-Address Interface VLAN Type Filter-Type Status ----------------------------------------------------------------------------------------------------------- 22:22:22:22:22:22 1.1.1.1 ge-1/1/3 20 static ip effective 33:33:33:33:33:33 1.1.1.1 te-1/1/3 20 static ip ineffective 22:22:22:11:11:11 10.1.1.10 ge-1/1/3 4094 static ip+mac ineffective 22:22:22:11:11:20 20.1.1.10 ge-1/1/3 1 dhcp-snooping ip+mac ineffective 22:22:22:22:22:22 20.20.20.22 ge-1/1/3 6 static ip+mac ineffective
In the show result,
The parameter “Type” indicates the type of the entry, the value could be static or dhcp-snooping:
Ø static: indicates that the entry is manually configured.
Ø dhcp-snooping: indicates that the entry is originated from the DHCP snooping binding table.
The parameter “Filter-type” indicates the IP source guard filtering item based on specific interface and VLAN. The value could be ip or ip+mac,
Ø ip: enables IP Source Guard with interface + VLAN + Source IP filtering.
Ø ip+mac: enables IP Source Guard with interface + VLAN + Source IP + Source MAC address filtering.
The parameter “Status” indicates whether the IP source guard binding entry is effective or not. After configuring the IP source guard binding entry, it needs to be deployed to the hardware by the system. If the entry is successfully deployed to the hardware, the "Status" will be shown as effective; however, if the deployment fails, it will be displayed as ineffective. Typically, the reason for deployment failure is due to the user configuring too many ACL rules, leading to insufficient hardware resources.