Chapter 26 IP Source Guard
GS1920v2 Series User’s Guide
235
C
HA PTER
2 6
IP So urc e G ua rd
26.1 IP So urc e G ua rd O ve rvie w
Use IPv4 source guard to filter unauthorized DHCP and ARP packets in your network.
IP source guard uses a binding table to distinguish between authorized and unauthorized DHCP and
ARP packets in your network. A binding contains these key attributes:
• MAC address
• VLAN ID
• IP address
• Port number
When the Switch receives a DHCP or ARP packet, it looks up the appropriate MAC address, VLAN ID, IP
address, and port number in the binding table. If there is a binding, the Switch forwards the packet. If
there is not a binding, the Switch discards the packet.
26.1.1 Wha t Yo u C a n Do
• Use the
IP So urc e G ua rd
screen (
Section 26.2 on page 236
) to display the links to the configuration
screens where you can configure IPv4 source guard settings.
• Use the
IPv4 So urc e G ua rd Se tup
screen (
Section 26.3 on page 237
) to look at the current bindings for
DHCP snooping and ARP inspection.
• Use the
IP So urc e G ua rd Sta tic Binding
screen (
Section 26.4 on page 237
) to manage static bindings
for DHCP snooping and ARP inspection.
• Use the
DHC P Sno o ping
screen (
Section 26.5 on page 239
) to look at various statistics about the DHCP
snooping database.
• Use this
DHC P Sno o ping C o nfig ure
screen (
Section 26.6 on page 242
) to enable DHCP snooping on
the Switch (not on specific VLAN), specify the VLAN where the default DHCP server is located, and
configure the DHCP snooping database.
• Use the
DHC P Sno o ping Po rt C o nfig ure
screen (
Section 26.6.1 on page 244
) to specify whether ports
are trusted or untrusted ports for DHCP snooping.
• Use the
DHC P Sno o ping VLAN C o nfig ure
screen (
Section 26.6.2 on page 245
) to enable DHCP
snooping on each VLAN and to specify whether or not the Switch adds DHCP relay agent option 82
information to DHCP requests that the Switch relays to a DHCP server for each VLAN.
• Use the
DHC P Sno o ping VLAN Po rt C o nfig ure
screen (
Section 26.6.3 on page 246
) to apply a different
DHCP option 82 profile to certain ports in a VLAN.
• Use the
ARP Inspe c tio n Sta tus
screen (
Section 26.7 on page 248
) to look at the current list of MAC
address filters that were created because the Switch identified an unauthorized ARP packet.
Содержание GS1920-48HPv2
Страница 19: ...19 PA RT I Use r s Guide...
Страница 43: ...43 PA RT II T e c hnic al Re fe re nc e...
Страница 124: ...Chapter 9 VLAN GS1920v2 Series User s Guide 124 Figure 97 Advanced Application VLAN Port Based VLAN Setup Port Isolation...
Страница 155: ...Chapter 13 Spanning Tree Protocol GS1920v2 Series User s Guide 155 Figure 118 MSTP and Legacy RSTP Network Example...
Страница 193: ...GS1920v2 Series User s Guide 193 Figure 140 Classifier Example...
Страница 224: ...Chapter 24 Multicast GS1920v2 Series User s Guide 224 Figure 162 MVR Group Configuration Example 2 EXAMPLE...
Страница 367: ...Chapter 40 Access Control GS1920v2 Series User s Guide 367 Figure 271 Example Lock Denoting a Secure Connection EXAMPLE...
Страница 388: ...Chapter 48 Configure Clone GS1920v2 Series User s Guide 388 Figure 284 Management Configure Clone...