Raisecom
ISCOM2600G-HI (A) Series Configuration Guide
Raisecom Proprietary and Confidential
Copyright © Raisecom Technology Co., Ltd.
permitted to forward normally. Otherwise, the user is an attacker and the IP packets are
discarded.
10.8.2 Preparing for configurations
Scenario
There are often some IP source spoofing attacks on the network. For example, the attacker
forges legal users to send IP packets to the server, or the attacker forges the source IP address
of another user to communicate. This prevents legal users from accessing network services
normally.
With IP Source Guard binding, you can filter and control packets forwarded by the interface,
prevent the illegal packets from passing through the interface, thus to restrict the illegal use of
network resources and improve the interface security.
Prerequisite
Enable DHCP Snooping if there are DHCP users.
10.8.3 Default configurations of IP Source Guard
Default configurations of IP Source Guard are as below.
IP Source Guard static binding
IP Source Guard dynamic binding
10.8.4 Configuring interface trust status of IP Source Guard
Configure the interface trust status of IP Source Guard for the ISCOM2600G-HI series switch
as below.
Enter global configuration mode.
Raisecom(config)#
interface
interface-type
interface-number
Enter physical layer interface configuration mode.
Raisecom(config-
gigaethernet1/1/p
ort)#ip verify
source trust
(Optional) configure the interface to a trusted interface.
Use the no ip verify source trust command to configure
the interface as an untrusted interface. In this case, all
packets, except DHCP packets and IP packets that meet
binding relation, are not forwarded. When the interface
is in trusted status, all packets are forwarded normally.
To Next Page
Loading...
Need help?
General
