Time
3 hours 35 minutes
Difficulty
Intermediate
CEU/CPE
4

Video Transcription

00:00
welcome to this Cisco CCN be switched 101 on fire example up series. My name is Philip. Mention Ali on in today's episode will focus on I'd be sores Guard another popular defense mechanism which we can enable alongside the NCP. Snooping is I t source guard I p source guard is gonna filter traffic based on the DCP snooping database
00:19
On also, if you have manually configured I p source by Indians
00:23
no type, he soars. Guard
00:25
is only supported on their two ports. It prevents traffic attacks if a horse tries to use I p address of its neighbor when enabled, the traffic is gonna block all I P traffic received on the port. Except for DNC pockets allowed by D. It's icky snooping To configure i p source guard
00:42
from the interfere sub conflagration mode, you would issue the command.
00:46
I'd be verify source on optionally You can enable I p swords guard in combination with port security. If we want to create a static i p source by Nen from global conflagration mode, we would issue the command i p source by Nen will specify the market rest followed by the villain on then we'll specify the villain. I t
01:03
followed by the i p address followed by interferes followed by the interface sport.
01:07
Verify release You too. Come on, show. I'd be very, very source. I'm gonna bring up a lot now so we will see how we would configure i p source Guard. I'll set up a resource guard on an Y cores one interferes fast eating at 102
01:21
that is can akin to And why 11 interface Currently DCP snooping is enabled on n Y. 11 has got tonight be addressed by idiots Cp as we can see here,
01:32
some women go into and white core one and enable I'd be sores guard.
01:34
So hearing in a week or one, I'm gonna enable 80 swords Guard.
01:38
I'm just going to enable swords guard without port security. Don't verify. With easy to come on
01:45
show I p verify source Currently we can see
01:49
the filter mode is active on idea dresses Saturday night all so I'm gonna go up in the end. Why ones on? I'm gonna try to ping the one I threw that 1 60 It not 16 not one i p. That is an n y edge one.
02:06
Hurry, The thing works.
02:07
No,
02:08
I'm gonna changed. I p address
02:10
on N Y one one's easier if you're into fierce.
02:20
No, let's try to rerun that Bring. Come on,
02:24
this stand the pink should feel on every couple on over back then, like or one that thing is going to continue to feel unless we create a manual entry inside of N Y core, one
02:35
says you could see the things are feeling.
02:38
So I'm going to create the manual entry inside of and white core one which is gonna lower the pink toe work
02:44
on the combine his i p soars by name.
02:46
Now we need to specify the mark address.
02:53
Now we have to specify the villain is gonna be villain one.
02:57
We have to Space Flight eight the address
03:00
on the indie fees
03:06
and that's it.
03:07
Now we can see our entry
03:09
with a P address, which we hard quoted.
03:12
Now let's try to rerun the Ping Command from N Y. 11
03:19
There we go.
03:21
It's a
03:21
so this is a complete command to create a manual i d. Source Bindon entry.
03:25
All right, let's go back to the slates. We have a post assessment question which command enables I'd be swords guard A I mean the fierce up configuration mode. I'd be very very source or be from global conflagration mode. I'd be very free source or a C from interfere sub configuration mode. I be source verify
03:45
the answer's A on the interfere sub configuration mode we released to the command I d verify source
03:51
and that is every sword recovered I d sores guard.
03:53
We looked at how we would set up i d swords garden A particular interferes
03:57
on every created a manual like he saw his by noon entry
04:00
on performed a ping. This
04:01
in the next episode will focus on dynamic RP inspection. This is Philip in Shin Ali and the one thing which was in savory

Up Next

CCNP Switch - 300-115

This course is engineered to prepare you for your CISCO Certified Network Professional CCNP Switch 300 - 115. In this course, we will cover all the main domains present in the current version of the CCNP Exam which are centered around infrastructure security and services and layer 2 technologies.

Instructed By

Instructor Profile Image
Philip Inshanally
Network Administrator
Instructor