Security
IP Source Guard
368 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
18
Configuring IP Source Guard Work Flow
To configure IP Source Guard:
STEP 1 Enable DHCP Snooping in the IP Configuration > DHCP > Properties page or in the
Security > DHCP Snooping > Properties page.
STEP 2 Define the VLANs on which DHCP Snooping is enabled in the IP Configuration >
DHCP > Interface Settings page.
STEP 3 Configure interfaces as trusted or untrusted in the IP Configuration > DHCP >
DHCP Snooping Interface page.
STEP 4 Enable IP Source Guard in the Security > IP Source Guard > Properties page.
STEP 5 Enable IP Source Guard on the untrusted interfaces as required in the Security > IP
Source Guard > Interface Settings page.
STEP 6 View entries to the Binding database in the Security > IP Source Guard > Binding
Database page.
Enabling IP Source Guard
To enable IP Source Guard globally:
STEP 1 Click Security > IP Source Guard > Properties.
STEP 2 Select Enable to enable IP Source Guard globally.
Configuring IP Source Guard on Interfaces
If IP Source Guard is enabled on an untrusted port/LAG, DHCP packets, allowed
by DHCP Snooping, are transmitted. If source IP address filtering is enabled,
packet transmission is permitted as follows:
• IPv4 traffic — Only IPv4 traffic with a source IP address that is associated
with the specific port is permitted.
• Non IPv4 traffic — All non-IPv4 traffic is permitted.
See Interactions with Other Features for more information about enabling IP
Source Guard on interfaces.
To configure IP Source Guard on interfaces:
To Next Page
Loading...
Need help?
General
