User Manual UMN:CLIV5812G299permitted. When IP source guard is enabled in IP and MAC filtering mode, the DHCPsnooping option 82 must be enabled to ensure that the DHCP protocol works properly.Without option 82 data, the switch cannot locate the client host port to forward theDHCP server reply. Instead, the DHCP server reply is dropped, and the client cannotobtain an IP address.8.6.8.1 Enabling IP Source GuardAfter configuring DHCP snooping, configure the IP source guard using the provided com-mand. When IP source guard is enabled with this option, IP traffic is filtered based on thesource IP address. The switch forwards IP traffic when the source IP address matches anentry in the DHCP snooping binding database or a binding in the IP source binding table.To enable IP source guard, DHCP snooping needs to be enabled.To enable IP source guard with a source IP address filtering on a port, use the followingcommand.Command Mode Descriptionip dhcp verify source PORTSGlobalEnables IP source guard with a source IP addressfiltering on a port.no ip dhcp verify source PORTS Disables IP source guard.To enable IP source guard with a source IP address and MAC address filtering on a port,use the following command.Command Mode Descriptionip dhcp verify source port-security PORTS GlobalEnables IP source guard with a source IP address andMAC address filtering on a port.no ip dhcp verify source port-security PORTS Disables IP source guard.Note that the IP source guard is only enabled on DHCP snooping untrusted Layer 2 port!If you try to enable this function on a trusted port, the error message will be shown up.You cannot configure IP source guard with the ip dhcp verify source and ip dhcp verifysource port-security commands together.!!!