EasyManuals Logo
Home>Ruijie>Wireless Access Point>RG-WLAN Series

Ruijie RG-WLAN Series User Manual

Ruijie RG-WLAN Series
1243 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #861 background imageLoading...
Page #861 background image
Configuration Guide Configuring IP Source Guard
9.3.1 Checking Source Address Fields of Packets
Filter the IP packets passing through ports based on source IP addresses or on both source IP addresses and source MAC
addresses to prevent malicious attack by forging packets. When there is no need to check and filter IP packets within a VLAN,
an excluded VLAN can be specified to release such packets.
Working Principle
When IP Source Guard is enabled, the source addresses of packets passing through a port will be checked. The port can be
a wired switching port, a layer-2 aggregate port (AP), or a layer-2 encapsulation sub-interface, or a WLAN interface. Such
packets will pass the port only when the source address fields of the packets match the set of the address binding records
generated by DHCP Snooping, or the static configuration set by the administrator. There are two matching modes as below.
 IP-based Filtering
Packets are allowed to pass a port only if the source IP address fields of them belong to the address binding database.
 IP-MAC Based Filtering
Packets are allowed to pass a port only when both the layer-2 source MAC addresses and layer-3 source IP addresses of
them match an entry in the address binding database.
 Specifying Excluded VLAN
Packets within such a VLAN are allowed to pass a port without check or filtering.
Related Configuration
 Enabling IP Source Guard on a Port
By default, the IP Source Guard is disabled on ports.
It can be enabled using the ip verify source command.
Usually IP Source Guard needs to work with DHCP Snooping. Therefore, DHCP Snooping should also be enabled.
DHCP Snooping can be enabled at any time on Ruijie devices, either before or after IP Source Guard is enabled.
 Configuring a Static Binding
By default, legal users passing IP Source Guard check are all from the binding database of DHCP Snooping.
Bound users can be added using the ip source binding command.
 Specifying an Excluded VLAN
By default, IP Source Guard is effective to all the VLANs under a port.
Excluded VLANs may be specified which are exempted from IP Source Guard using the ip verify source command.
Excluded VLANs can be specified only after IP Source Guard is enabled on a port. Specified excluded VLANs will be
deleted automatically when IP Source Guard is disabled on a port.

Table of Contents

Other manuals for Ruijie RG-WLAN Series

Preview: Rgos Command Reference
Rgos Command Reference657 pages
Preview: Configuration Guide
Configuration Guide712 pages
Preview: Web-Based Configuration Guide
Web-Based Configuration Guide71 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Ruijie RG-WLAN Series and is the answer not in the manual?

Ruijie RG-WLAN Series Specifications

General IconGeneral
BrandRuijie
ModelRG-WLAN Series
CategoryWireless Access Point
LanguageEnglish

Related product manuals