Chapter 23 IP Source Guard
ES-2024 Series User’s Guide
23.1.1.2 Trusted vs. Untrusted Ports
Every port is either a trusted port or an untrusted port for ARP inspection. The
Switch does not discard ARP packets on trusted ports for any reason. The Switch
discards ARP packets on untrusted ports if the sender’s information in the ARP
packet does not match any of the current bindings.
23.1.1.3 Syslog
The Switch can send syslog messages to the specified syslog server (Chapter 31
on page 257) when it forwards or discards ARP packets. The Switch can
consolidate log messages and send log messages in batches to make this
mechanism more efficient.
23.1.1.4 Configuring ARP Inspection
Follow these steps to configure ARP inspection on the Switch.
1 Configure static bindings so the Switch can distinguish between authorized and
unauthorized ARP packets.
2 Enable ARP inspection on the Switch.
3 Enable ARP inspection on each VLAN.
4 Configure trusted and untrusted ports, and specify the maximum number of ARP
packets that each port can receive per second.
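The forward-or-discard decision that these steps set up can be modelled in a few lines. The following Python sketch is an added example, not code from the guide or from the Switch firmware. It assumes a binding consists of VLAN, port, MAC address and IP address, that VLANs without ARP inspection enabled are forwarded unchecked, and that malformed ARP packets are discarded; the per-port rate limit is not modelled, and all addresses and port numbers are constructed.

```python
import struct
from ipaddress import IPv4Address

# Constructed sample data. The binding fields (VLAN, port, MAC, IP) are an assumption.
BINDINGS = {
    (10, 3, "00:11:22:33:44:55", IPv4Address("192.0.2.10")),
    (10, 4, "00:11:22:33:44:66", IPv4Address("192.0.2.11")),
}
INSPECTED_VLANS = {10}   # step 3: VLANs with ARP inspection enabled
TRUSTED_PORTS = {24}     # step 4: every other port is untrusted


def build_arp(op, sha, spa, tha="00:00:00:00:00:00", tpa="0.0.0.0"):
    """Build a 28-byte Ethernet/IPv4 ARP payload (used for the sample frames)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                       mac(sha), IPv4Address(spa).packed,
                       mac(tha), IPv4Address(tpa).packed)


def parse_arp_sender(payload):
    """Return (sender MAC, sender IP) from an Ethernet/IPv4 ARP payload."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, _op, sha, spa = struct.unpack("!HHBBH6s4s", payload[:18])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return ":".join(f"{b:02x}" for b in sha), IPv4Address(spa)


def inspect(vlan, port, payload):
    """Return 'forward' or 'discard' for one ARP packet received on (vlan, port)."""
    if vlan not in INSPECTED_VLANS or port in TRUSTED_PORTS:
        return "forward"              # trusted ports are never checked
    try:
        mac, ip = parse_arp_sender(payload)
    except ValueError:
        return "discard"              # assumption: malformed ARP is dropped
    return "forward" if (vlan, port, mac, ip) in BINDINGS else "discard"


if __name__ == "__main__":
    good = build_arp(1, "00:11:22:33:44:55", "192.0.2.10", tpa="192.0.2.1")
    spoof = build_arp(2, "00:11:22:33:44:55", "192.0.2.1", tpa="192.0.2.11")
    for label, port, pkt in [("bound host", 3, good), ("spoofed sender IP", 3, spoof),
                             ("same spoof on trusted port", 24, spoof)]:
        print(f"{label:28} port {port:2} -> {inspect(10, port, pkt)}")
```

A packet that is discarded on an untrusted port is forwarded unchanged when it arrives on a trusted one, so the set of trusted ports should be kept as small as possible.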
23.2 IP Source Guard
Use this screen to look at the current bindings for ARP inspection. Bindings are
used by ARP inspection to distinguish between authorized and unauthorized
packets in the network. The Switch learns the bindings from information provided
manually by administrators (static bindings). To open this screen, click Advanced
Application > IP Source Guard.
Figure 95 IP Source Guard