Security
IP Source Guard
Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4 357
17
IP Source Guard Work Flow
To configure IP Source Guard:
STEP 1 Enable (DHCP Snooping) Properties page.
STEP 2 Define the VLANs on which DHCP Snooping is enabled in the (DHCP Snooping) Interface
Settings page.
STEP 3 Configure interfaces as trusted or untrusted in the (DHCP Snooping) Interface Settings page.
STEP 4 Enable IP Source Guard in the (IP Source Guard) Properties page.
STEP 5 Enable IP Source Guard on the untrusted interfaces as required in the (IP Source Guard)
Interface Settings page.
STEP 6 View entries to the Binding database in the (IP Source Guard) Binding Database page.
Properties
To enable IP Source Guard globally:
STEP 1 Click Security > IP Source Guard > Properties.
STEP 2 Select Enable to enable IP Source Guard globally.
STEP 3 Click Apply to enable IP Source Guard.
Interface Settings
If IP Source Guard is enabled on an untrusted port/LAG, DHCP packets, allowed by DHCP
Snooping, are transmitted. If source IP address filtering is enabled, packet transmission is
permitted as follows:
• IPv4 traffic — Only IPv4 traffic with a source IP address that is associated with the
specific port is permitted.
• Non IPv4 traffic — All non-IPv4 traffic is permitted.
See Interactions with Other Features for more information about enabling IP Source Guard on
interfaces.
To Next Page
Loading...
Need help?
General
