A10E/A28E/A28F Configuration Guide
6.8.2 Preparing for configurations
Scenario
There are often some IP source spoofing attacks in network. For example, the attacker
pretends legal users to send IP packets to the server, or the attacker forges the source IP
address of another user to communicate. This makes the legitimate users cannot get network
services normally.
With IP Source Guard binding, you can filter and control packets forwarded by the interface,
prevent the illegal packets passing through the interface, thus to restrict the illegal use of
network resources and improve the interface security.
Prerequisite
Enable DHCP Snooping before if there is a DHCP user.
6.8.3 Default configurations of IP Source Guard
The default configuration of IP Source Guard is as below.
IP Source Guide static binding
IP Source Guide dynamic binding
6.8.4 Configuring interface trust status of IP Source Guard
Configure interface trust status of IP Source Guard for the A10E/A28E as below.
Enter global configuration mode.
Alpha-
A28E(config)#interface
port
port-id
Enter physical layer interface configuration
mode.
Alpha-A28E(config-
port)#ip verify source
trust
Configure the interface to a trusted interface.
6.8.5 Configuring IP Source Guide binding
Configuring static IP Source Guide binding
Configure IP Source Guide static binding for the A10E/A28E as below.
To Next Page
Loading...