Chapter 25 IP Source Guard
GS3700/XGS3700 Series User’s Guide
266
• Use the DHCP Snooping VLAN Configure screen (Section 25.6.2 on page 277) to enable DHCP
snooping on each VLAN and to specify whether or not the Switch adds DHCP relay agent option
82 information to DHCP requests that the Switch relays to a DHCP server for each VLAN.
• Use the DHCP Snooping VLAN Port Configure screen (
Section 25.6.3 on page 278) to apply a
different DHCP option 82 profile to certain ports in a VLAN.
• Use the ARP I nspection Status screen (Section 25.7 on page 279) to look at the current list of
MAC address filters that were created because the Switch identified an unauthorized ARP packet.
• Use the ARP I nspection VLAN Status screen (Section 25.7.1 on page 280) to look at various
statistics about ARP packets in each VLAN.
• Use the ARP I nspection Log Status screen (Section 25.7.2 on page 281) to look at log
messages that were generated by ARP packets and that have not been sent to the syslog server
yet.
• Use the ARP I nspection Configure screen (
Section 25.8 on page 282) to enable ARP inspection
on the Switch. You can also configure the length of time the Switch stores records of discarded
ARP packets and global settings for the ARP inspection log.
• Use the ARP I nspection Port Configure screen (
Section 25.8.1 on page 284) to specify
whether ports are trusted or untrusted ports for ARP inspection.
• Use the ARP I nspection VLAN Configure screen (Section 25.8.2 on page 286) to enable ARP
inspection on each VLAN and to specify when the Switch generates log messages for receiving
ARP packets from each VLAN.
• Use the Advanced Application > I P Source Guard > I Pv6 Source Binding Status screen
(
Section 25.10 on page 287) to look at the current IPv6 dynamic and static bindings and to
remove dynamic bindings based on IPv6 address and/ or IPv6 prefix.
• Use the Advanced Application > I P Source Guard > I Pv6 Static Binding Setup screen
(
Section 25.11 on page 288) to manually create an IPv6 source guard binding table and manage
IPv6 static bindings.
• Use the Advanced Application > I P Source Guard > I Pv6 Source Guard Policy Setup
screen (
Section 25.12 on page 290) to have IPv6 source guard forward valid IPv6 addresses and/
or IPv6 prefixes that are stored in the binding table and allow or block data traffic from all link-
local addresses.
• Use the Advanced Application > I P Source Guard > I Pv6 Source Guard Port Setup
screen (
Section 25.13 on page 291) to apply configured IPv6 source guard policies to the ports
you specify.
• Use the Advanced Application > I P Source Guard > I Pv6 Snooping Policy Setup screen
(
Section 25.14 on page 292) to dynamically create an IPv6 source guard binding table using a
DHCPv6 snooping policy. A DHCPv6 snooping policy lets the Switch sniff DHCPv6 packets sent
from a DHCPv6 server to a DHCPv6 client when it is assigning an IPv6 address.
• Use the Advanced Application > I P Source Guard > I Pv6 Snooping VLAN Setup screen
(
Section 25.15 on page 293) to enable a DHCPv6 snooping policy on a specific VLAN interface.
• Use the Advanced Application > I P Source Guard > I Pv6 DHCP Trust Setup screen
(Section 25.16 on page 294) to specify which ports are trusted and untrusted for DHCP snooping.
25.1.2 What You Need to Know
The Switch builds the binding table by snooping DHCP packets (dynamic bindings) and from
information provided manually by administrators (static bindings).
IP source guard consists of the following features:
• Static bindings. Use this to create static bindings in the binding table.
To Next Page
Loading...
