OLT2406 User’s Guide
224
CHAPTER 27
IP Source Guard
27.1 IP Source Guard Overview
Use IP source guard to filter unauthorized DHCP and ARP packets in your network.
IP source guard uses a binding table to distinguish between authorized and unauthorized DHCP and
ARP packets in your network. A binding contains these key attributes:
• MAC address
• VLAN ID
• IP address
• Port number
When the OLT receives a DHCP or ARP packet, it looks up the appropriate MAC address, VLAN ID, IP
address, and port number in the binding table. If there is a binding, the OLT forwards the packet. If there
is not a binding, the OLT discards the packet.
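The lookup described above, modelled for ARP packets as an added example (not code from the OLT or its vendor). It assumes the lookup uses the ARP sender MAC and sender IP fields and that malformed packets are discarded; all names, the table entry and the sample packets are constructed.

```python
from __future__ import annotations
import ipaddress
import struct
from typing import NamedTuple


class Binding(NamedTuple):
    mac: str   # lowercase, colon-separated
    vlan: int
    ip: str
    port: int


def parse_arp(payload: bytes) -> tuple[str, str]:
    """Return (sender MAC, sender IPv4) from an Ethernet/IPv4 ARP body."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    mac = ":".join(f"{b:02x}" for b in payload[8:14])
    return mac, str(ipaddress.IPv4Address(payload[14:18]))


def inspect_arp(table: set[Binding], payload: bytes, vlan: int, port: int) -> str:
    """Forward only if all four attributes match one binding (assumed model)."""
    try:
        mac, ip = parse_arp(payload)
    except ValueError:
        return "discard"  # assumption: unparseable packets are dropped
    return "forward" if Binding(mac, vlan, ip, port) in table else "discard"


def build_arp(mac: str, ip: str, oper: int = 2) -> bytes:
    """Build a constructed sample ARP body with the target fields zeroed."""
    sha = bytes.fromhex(mac.replace(":", ""))
    spa = ipaddress.IPv4Address(ip).packed
    return struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + sha + spa + bytes(10)


# Constructed binding table and packets (documentation address range).
TABLE = {Binding("00:11:22:33:44:55", 100, "192.0.2.10", 3)}
GOOD = build_arp("00:11:22:33:44:55", "192.0.2.10")
SPOOFED_IP = build_arp("00:11:22:33:44:55", "192.0.2.1")  # IP not bound to this MAC
```

A packet that matches on MAC and IP but arrives on a different port or VLAN is still discarded, because the binding is the full four-attribute tuple.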
27.1.1 What You Can Do
• Use the IP Source Guard Setup screen (Section 27.2 on page 225) to look at the current bindings for
DHCP snooping and ARP inspection.
• Use the IP Source Guard Static Binding screen (Section 27.3 on page 226) to manage static bindings
for DHCP snooping and ARP inspection.
• Use the DHCP Snooping screen (Section 27.4 on page 227) to look at various statistics about the DHCP
snooping database.
• Use the DHCP Snooping Configure screen (Section 27.5 on page 230) to enable DHCP snooping on
the OLT (not on specific VLANs), specify the VLAN where the default DHCP server is located, and
configure the DHCP snooping database.
• Use the DHCP Snooping Port Configure screen (Section 27.5.1 on page 232) to specify whether ports
are trusted or untrusted ports for DHCP snooping.
• Use the DHCP Snooping VLAN Configure screen (Section 27.5.2 on page 233) to enable DHCP
snooping on each VLAN and to specify whether or not the OLT adds DHCP relay agent option 82
information to DHCP requests that the OLT relays to a DHCP server for each VLAN.
• Use the ARP Inspection Status screen (Section 27.6 on page 234) to look at the current list of MAC
address filters that were created because the OLT identified an unauthorized ARP packet.
• Use the ARP Inspection VLAN Status screen (Section 27.7 on page 235) to look at various statistics
about ARP packets in each VLAN.
• Use the ARP Inspection Log Status screen (Section 27.8 on page 236) to look at log messages that
were generated by ARP packets and that have not been sent to the syslog server yet.
• Use the ARP Inspection Configure screen (Section 27.9 on page 238) to enable ARP inspection on the
OLT. You can also configure the length of time the OLT stores records of discarded ARP packets and
global settings for the ARP inspection log.