C
HAPTER
13
| Security Measures
IP Source Guard
– 323 –
■
SIP-MAC – Enables traffic filtering based on IP addresses and
corresponding MAC addresses stored in the binding table.
◆ Max Binding Entry – The maximum number of entries that can be
bound to an interface. (Range: 1-5; Default: 5)
This parameter sets the maximum number of address entries that can
be mapped to an interface in the binding table, including both dynamic
entries discovered by DHCP snooping (see "DHCP Snooping" on
page 326) and static entries set by IP source guard (see "Configuring
Static Bindings for IP Source Guard" on page 323).
WEB INTERFACE
To set the IP Source Guard filter for ports:
1. Click Security, IP Source Guard, Port Configuration.
2. Set the required filtering type for each port.
3. Click Apply
Figure 175: Setting the Filter Type for IP Source Guard
CONFIGURING STATIC
BINDINGS FOR IP
S
OURCE GUARD
Use the Security > IP Source Guard > Static Configuration page to bind a
static address to a port. Table entries include a MAC address, IP address,
lease time, entry type (Static, Dynamic), VLAN identifier, and port
identifier. All static entries are configured with an infinite lease time, which
is indicated with a value of zero in the table.
CLI REFERENCES
◆ "ip source-guard binding" on page 733
COMMAND USAGE
◆ Static addresses entered in the source guard binding table are
automatically configured with an infinite lease time. Dynamic entries
learned via DHCP snooping are configured by the DHCP server itself.
◆ Static bindings are processed as follows:
■
If there is no entry with the same VLAN ID and MAC address, a new
entry is added to the binding table using the type “static IP source
guard binding.”
To Next Page
Loading...
Need help?
General
