CHAPTER 13 | Security Measures
IP Source Guard
■ If DHCP snooping is enabled, IP source guard will check the VLAN
ID, source IP address, port number, and source MAC address (for
the SIP-MAC option). If a matching entry is found in the binding
table and the entry type is static IP source guard binding, or
dynamic DHCP snooping binding, the packet will be forwarded.
■ If IP source guard is enabled on an interface for which IP source
bindings have not yet been configured (neither by static
configuration in the IP source guard binding table nor dynamically
learned from DHCP snooping), the switch will drop all IP traffic on
that port, except for DHCP packets.
PARAMETERS
These parameters are displayed:
◆ Filter Type – Configures the switch to filter inbound traffic based on
the source IP address, or on the source IP address and corresponding MAC
address. (Default: None)
■ None – Disables IP source guard filtering on the port.
■ SIP – Enables traffic filtering based on IP addresses stored in the
binding table.
■ SIP-MAC – Enables traffic filtering based on IP addresses and
corresponding MAC addresses stored in the binding table.
◆ Max Binding Entry – The maximum number of entries that can be
bound to an interface. (Range: 1-5; Default: 5)
This parameter sets the maximum number of address entries that can
be mapped to an interface in the binding table, including both dynamic
entries discovered by DHCP snooping (see "DHCP Snooping" on
page 359) and static entries set by IP source guard (see "Configuring
Static Bindings for IP Source Guard" on page 356).
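The filtering decision and binding limit described above, modeled as an added Python example (not the switch firmware or the vendor's code). The Port and Packet classes are hypothetical; the model assumes DHCP packets are exempt whenever filtering is enabled and that a packet with no matching binding is dropped.

```python
from dataclasses import dataclass

FILTER_TYPES = ("None", "SIP", "SIP-MAC")    # values of the Filter Type parameter

@dataclass(frozen=True)
class Packet:
    vlan: int
    src_ip: str
    src_mac: str
    is_dhcp: bool = False

class Port:
    """Hypothetical model of one switch port; not the vendor's implementation."""

    def __init__(self, filter_type="None", max_binding=5):
        if filter_type not in FILTER_TYPES:
            raise ValueError("unknown filter type")
        if not 1 <= max_binding <= 5:            # Range: 1-5; Default: 5
            raise ValueError("Max Binding Entry must be 1-5")
        self.filter_type = filter_type
        self.max_binding = max_binding
        self.bindings = []                       # (vlan, ip, mac, kind) tuples

    def add_binding(self, vlan, ip, mac, kind):
        """Static and DHCP snooping entries share the per-port limit."""
        if kind not in ("static", "dhcp-snooping"):
            raise ValueError("unknown binding type")
        if len(self.bindings) >= self.max_binding:
            return False
        self.bindings.append((vlan, ip, mac.lower(), kind))
        return True

    def decide(self, pkt):
        if self.filter_type == "None":           # filtering disabled on this port
            return "forward"
        if pkt.is_dhcp:                          # assumption: DHCP is always exempt
            return "forward"
        for vlan, ip, mac, _kind in self.bindings:
            if (vlan, ip) != (pkt.vlan, pkt.src_ip):
                continue
            if self.filter_type == "SIP-MAC" and mac != pkt.src_mac.lower():
                continue
            return "forward"
        return "drop"                            # no match, or no bindings yet

if __name__ == "__main__":
    p = Port("SIP-MAC")
    p.add_binding(10, "192.0.2.10", "00:11:22:33:44:55", "static")  # constructed
    print(p.decide(Packet(10, "192.0.2.10", "00:11:22:33:44:66")))  # spoofed MAC
```

With the SIP filter type the same spoofed-MAC packet is forwarded, because only the VLAN and source IP address are compared against the binding table.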
WEB INTERFACE
To set the IP Source Guard filter for ports:
1. Click Security, IP Source Guard, Port Configuration.
2. Set the required filtering type for each port.
3. Click Apply.