Security
IP Source Guard
358 Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4
17
To configure IP Source Guard on interfaces:
STEP 1 Click Security > IP Source Guard > Interface Settings.
STEP 2 Select port/LAG from the Filter field and click Go. The ports/LAGs on this unit are displayed
along with the following:
• IP Source Guard —Indicates whether IP Source Guard is enabled on the port.
• DHCP Snooping Trusted Interface—Indicates whether this is a DHCP trusted
interface.
STEP 3 Select the port/LAG and click Edit. Select Enable in the IP Source Guard field to enable IP
Source Guard on the interface.
STEP 4 Click Apply to copy the setting to the Running Configuration file.
Binding Database
IP Source Guard uses the DHCP Snooping Binding database to check packets from untrusted
ports. If the device attempts to write too many entries to the DHCP Snooping Binding
database, the excessive entries are maintained in an inactive status. Entries are deleted when
their lease time expires and so inactive entries may be made active.
See DHCP Snooping/Relay.
NOTE The Binding Database page only displays the entries in the DHCP Snooping Binding database
defined on IP-Source-Guard-enabled ports.
To view the DHCP Snooping Binding database and see TCAM usage, set Insert Inactive:
STEP 1 Click Security > IP Source Guard > Binding Database.
STEP 2 The DHCP Snooping Binding database uses TCAM resources for managing the database.
Complete the Insert Inactive field to select how frequently the device should attempt to
activate inactive entries. It has the following options:
• Retry Frequency—The frequency with which the TCAM resources are checked.
• Never-Never try to reactivate inactive addresses.
STEP 3 Click Apply to save the above changes to the Running Configuration and/or Retry Now to
check TCAM resources.
The entries in the Binding database are displayed:
• VLAN ID—VLAN on which packet is expected.
To Next Page
Loading...
Need help?
General
