Configuring spoof detection

Configure spoof detection to prevent IP spoofing.

For more information about this feature, see Prevention of IP Spoofing within a VLAN.

Procedure

  1. Enter GigabitEthernet Interface Configuration mode:

    enable

    configure terminal

    interface GigabitEthernet {slot/port[/sub-port][-slot/port[/sub-port]][,...]}

    Note

    Note

    If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.

  2. Enable or disable spoof detection:

    spoof-detect [port {slot/port[-slot/port][,...]}] [enable]

    no spoof-detect [port {slot/port[-slot/port][,...]}] [enable]

  3. Enable or disable auto-recovery on a port:

    auto-recover-port [port {slot/port[-slot/port][,...]}] [enable]

    no auto-recover-port [port {slot/port[-slot/port][,...]}] [enable]

Example

Enable spoof detection:

Switch(config-if)# spoof-detect port 1/1 enable

Enable autorecovery on a port:

Switch(config-if)# auto-recover-port port 1/1 enable

9037147-00 Rev AB