Chapter 26 IP Source Guard
GS2220 Series User’s Guide
259
• Static bindings. Use this to create static bindings in the binding table.
• DHCP snooping. Use this to filter unauthorized DHCP packets on the network and to build the binding
table dynamically.
• ARP inspection. Use this to filter unauthorized ARP packets on the network.
If you want to use dynamic bindings to filter unauthorized ARP packets (typical implementation), you
have to enable DHCP snooping before you enable ARP inspection.
26.2 IP So urc e G ua rd
Use this screen to go to the configuration screens where you can configure IPv4 or IPv6 source guard
settings. Click Adva nc e d Applic a tio n > IP Sourc e Gua rd in the navigation panel.
Fig ure 195 Advanced Application > IP Source Guard
The following table describes the labels in this screen.
Table 118 Advanced Application > IP Source Guard
LABEL DESC RIPTIO N
IPv4 Source Guard
Setup
Click the link to open screens where you can view and manage static bindings, configure
DHCP snooping or ARP inspection and look at various statistics.
IPv6 Source Binding
Status
Click the link to open a screen where you can view the current IPv6 dynamic and static
bindings or remove dynamic bindings based on IPv6 address and/or IPv6 prefix.
IPv6 Static Binding
Setup
Click the link to open a screen where you can manually create IPv6 source guard static
binding entries.
IPv6 Source Guard
Policy Setup
Click the link to open a screen where you can define policies to have IPv6 source guard
forward valid addresses and/or prefixes and allow or block data traffic from all link-local
addresses.
IPv6 Source Guard
Port Setup
Click the link to open a screen where you can apply the configured IPv6 source guard
policy to a port.
IPv6 Snooping Policy
Setup
Click the link to open a screen where you can set up DHCPv6 snooping policies for the
binding table.
IPv6 Snooping VLAN
Setup
Click the link to open a screen where you can enable a DHCPv6 snooping policy on a
specific VLAN interface.
IPv6 DHCP Trust Setup Click the link to open a screen where you can specify which ports are trusted for DHCPv6
snooping.
To Next Page
Loading...
