welcome to this Cisco CCN be switched 101 on fire example up series. My name is Philip. Mention Ali on in today's episode will focus on I'd be sores Guard another popular defense mechanism which we can enable alongside the NCP. Snooping is I t source guard I p source guard is gonna filter traffic based on the DCP snooping database
On also, if you have manually configured I p source by Indians
no type, he soars. Guard
is only supported on their two ports. It prevents traffic attacks if a horse tries to use I p address of its neighbor when enabled, the traffic is gonna block all I P traffic received on the port. Except for DNC pockets allowed by D. It's icky snooping To configure i p source guard
from the interfere sub conflagration mode, you would issue the command.
I'd be verify source on optionally You can enable I p swords guard in combination with port security. If we want to create a static i p source by Nen from global conflagration mode, we would issue the command i p source by Nen will specify the market rest followed by the villain on then we'll specify the villain. I t
followed by the i p address followed by interferes followed by the interface sport.
Verify release You too. Come on, show. I'd be very, very source. I'm gonna bring up a lot now so we will see how we would configure i p source Guard. I'll set up a resource guard on an Y cores one interferes fast eating at 102
that is can akin to And why 11 interface Currently DCP snooping is enabled on n Y. 11 has got tonight be addressed by idiots Cp as we can see here,
some women go into and white core one and enable I'd be sores guard.
So hearing in a week or one, I'm gonna enable 80 swords Guard.
I'm just going to enable swords guard without port security. Don't verify. With easy to come on
show I p verify source Currently we can see
the filter mode is active on idea dresses Saturday night all so I'm gonna go up in the end. Why ones on? I'm gonna try to ping the one I threw that 1 60 It not 16 not one i p. That is an n y edge one.
Hurry, The thing works.
I'm gonna changed. I p address
on N Y one one's easier if you're into fierce.
No, let's try to rerun that Bring. Come on,
this stand the pink should feel on every couple on over back then, like or one that thing is going to continue to feel unless we create a manual entry inside of N Y core, one
says you could see the things are feeling.
So I'm going to create the manual entry inside of and white core one which is gonna lower the pink toe work
on the combine his i p soars by name.
Now we need to specify the mark address.
Now we have to specify the villain is gonna be villain one.
We have to Space Flight eight the address
Now we can see our entry
with a P address, which we hard quoted.
Now let's try to rerun the Ping Command from N Y. 11
so this is a complete command to create a manual i d. Source Bindon entry.
All right, let's go back to the slates. We have a post assessment question which command enables I'd be swords guard A I mean the fierce up configuration mode. I'd be very very source or be from global conflagration mode. I'd be very free source or a C from interfere sub configuration mode. I be source verify
the answer's A on the interfere sub configuration mode we released to the command I d verify source
and that is every sword recovered I d sores guard.
We looked at how we would set up i d swords garden A particular interferes
on every created a manual like he saw his by noon entry
on performed a ping. This
in the next episode will focus on dynamic RP inspection. This is Philip in Shin Ali and the one thing which was in savory