run show ip-source-guard binding
The run show ip-source-guard binding command shows the IP source guard binding entries.
Command Syntax
run show ip-source-guard binding [interface <interface-name>]
Parameter | Description |
interface <interface-name> | Optional. Specifies an interface name that enabled IP source guard. The value could be a physical port. |
View the IP source guard binding entries.
admin@PICOS# run show ip-source-guard binding
Total ipsg host count: 5
Mac-Address Ip-Address Interface VLAN Type Filter-Type Status
22:22:22:22:22:22 ge-1/1/3 20 static ip effective
33:33:33:33:33:33 te-1/1/3 20 static ip ineffective
22:22:22:11:11:11 ge-1/1/3 4094 static ip+mac ineffective
22:22:22:11:11:20 ge-1/1/3 1 dhcp-snooping ip+mac ineffective
22:22:22:22:22:22 ge-1/1/3 6 static ip+mac ineffective
In the show result,
The parameter “Type” indicates the type of the entry, the value could be static or dhcp-snooping:
Ø static: indicates that the entry is manually configured.
Ø dhcp-snooping: indicates that the entry is originated from the DHCP snooping binding table.
The parameter “Filter-type” indicates the IP source guard filtering item based on specific interface and VLAN. The value could be ip or ip+mac,
Ø ip: enables IP Source Guard with interface + VLAN + Source IP filtering.
Ø ip+mac: enables IP Source Guard with interface + VLAN + Source IP + Source MAC address filtering.
The parameter “Status” indicates whether the IP source guard binding entry is effective or not. After configuring the IP source guard binding entry, it needs to be deployed to the hardware by the system. If the entry is successfully deployed to the hardware, the "Status" will be shown as effective; however, if the deployment fails, it will be displayed as ineffective. Typically, the reason for deployment failure is due to the user configuring too many ACL rules, leading to insufficient hardware resources.
Copyright © 2025 Pica8 Inc. All Rights Reserved.