run show ip-source-guard binding

The run show ip-source-guard binding command shows the IP source guard binding entries.

Command Syntax

run show ip-source-guard binding [interface <interface-name>]

Parameter

Parameter	Description
interface <interface-name>	Optional. Specifies an interface name that enabled IP source guard. The value could be a physical port.

Example

View the IP source guard binding entries.

admin@PICOS# run show ip-source-guard binding
Total ipsg host count:     5
Mac-Address         Ip-Address      Interface       VLAN      Type         Filter-Type         Status
-----------------------------------------------------------------------------------------------------------
22:22:22:22:22:22   1.1.1.1          ge-1/1/3        20        static        ip                  effective
33:33:33:33:33:33   1.1.1.1          te-1/1/3        20        static        ip                  ineffective
22:22:22:11:11:11   10.1.1.10        ge-1/1/3        4094      static        ip+mac              ineffective
22:22:22:11:11:20   20.1.1.10        ge-1/1/3        1         dhcp-snooping ip+mac              ineffective
22:22:22:22:22:22   20.20.20.22      ge-1/1/3        6         static        ip+mac              ineffective

In the show result,

The parameter “Type” indicates the type of the entry, the value could be static or dhcp-snooping:

Ø static: indicates that the entry is manually configured.

Ø dhcp-snooping: indicates that the entry is originated from the DHCP snooping binding table.

The parameter “Filter-type” indicates the IP source guard filtering item based on specific interface and VLAN. The value could be ip or ip+mac,

Ø ip: enables IP Source Guard with interface + VLAN + Source IP filtering.

Ø ip+mac: enables IP Source Guard with interface + VLAN + Source IP + Source MAC address filtering.

The parameter “Status” indicates whether the IP source guard binding entry is effective or not. After configuring the IP source guard binding entry, it needs to be deployed to the hardware by the system. If the entry is successfully deployed to the hardware, the "Status" will be shown as effective; however, if the deployment fails, it will be displayed as ineffective. Typically, the reason for deployment failure is due to the user configuring too many ACL rules, leading to insufficient hardware resources.