Switch Features 63
Time-Based ACLs
With the Time-based ACL feature, you can define when an ACL is in effect
and the amount of time it is in effect.
For information about configuring time-based ACLs, see "Configuring Access
Control Lists" on page 523.
IP Source Guard (IPSG)
IP source guard (IPSG) is a security feature that filters IP packets based on
the source ID. The source ID may either be source IP address or a source IP
address source MAC address pair.
For information about configuring IPSG, see "Snooping and Inspecting
Traffic" on page 781.
DHCP Snooping
DHCP Snooping is a security feature that monitors DHCP messages between
a DHCP client and DHCP server. It filters harmful DHCP messages and
builds a bindings database of (MAC address, IP address, VLAN ID, port)
tuples that are specified as authorized. DHCP snooping can be enabled
globally and on specific VLANs. Ports within the VLAN can be configured to
be trusted or untrusted. DHCP servers must be reached through trusted ports.
For information about configuring DHCP Snooping, see "Snooping and
Inspecting Traffic" on page 781.
Dynamic ARP Inspection
Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and
malicious ARP packets. The feature prevents a class of man-in-the-middle
attacks, where an unfriendly station intercepts traffic for other stations by
poisoning the ARP caches of its unsuspecting neighbors. The malicious
station sends ARP requests or responses mapping another station's IP address
to its own MAC address.
Dynamic ARP Inspection relies on DHCP Snooping.
For information about configuring DAI, see "Snooping and Inspecting Traffic"
on page 781.
To Next Page
Loading...
