Chapter 26 IP Source Guard
GS2210 Series User’s Guide
223
•
Use t he ARP I n spe ct ion Log St a t u s scr een (
) t o look at log m essages
t hat w er e generat ed by ARP packet s and t hat have not been sent t o t he syslog ser ver yet .
•
Use t he ARP I n spe ct ion Con figu r e scr een (
) t o enable ARP
inspect ion on t he Sw it ch. You can also configur e t he lengt h of t im e t he Sw it ch st or es r ecor ds of
discar ded ARP packet s and global set t ings for t he ARP inspect ion log.
•
Use t he ARP I n spe ct ion Por t Con f igu r e scr een (
) t o specify
w het her port s ar e t r ust ed or unt r ust ed por t s for ARP inspect ion.
•
Use t he ARP I n spe ct ion V LAN Con figu r e scr een (
) t o enable ARP
inspect ion on each VLAN and t o specify w hen t he Sw it ch generat es log m essages for r eceiving
ARP packet s fr om each VLAN.
•
Use t he I Pv 6 Sou r ce Bin din g St a t u s scr een (
) t o look at t he cur r ent
I Pv6 dynam ic and st at ic bindings and t o rem ove dynam ic bindings based on I Pv6 address and/ or
I Pv6 pr efix.
•
Use t he I Pv 6 St a t ic Bin din g Se t u p screen (
) t o m anually cr eat e an
I Pv6 sour ce guar d binding t able and m anage I Pv6 st at ic bindings.
•
Use t he I Pv 6 Sou r ce Gu a r d Policy Se t u p scr een (
) t o have I Pv6
sour ce guar d for ward valid I Pv6 addr esses and/ or I Pv6 pr efixes t hat are st ored in t he binding
t able and allow or block dat a t raffic fr om all link- local addr esses
•
Use t he I Pv 6 Sou r ce Gu a r d Por t Se t u p scr een (
) t o apply
configur ed I Pv6 sour ce guar d policies t o t he por t s you specify.
•
Use t he I Pv 6 Sn oopin g Policy Se t u p scr een (
) t o dynam ically cr eat e
an I Pv6 sour ce guar d binding t able using a DHCPv6 snooping policy. A DHCPv 6 snooping policy
let s t he Swit ch sniff DHCPv6 packet s sent fr om a DHCPv6 ser ver t o a DHCPv6 client w hen it is
assigning an I Pv6 addr ess.
•
Use t he I Pv 6 Sn oopin g V LAN Se t u p scr een (
) t o enable a DHCPv6
snooping policy on a specific VLAN int er face.
•
Use t he I Pv 6 D H CP Tr u st Se t u p scr een (
) t o specify w hich por t s ar e
t r ust ed and unt r ust ed for DHCP snooping.
26.1.2 What You Need to Know
The Swit ch builds t he binding t able by snooping DHCP packet s ( dynam ic bindings) and fr om
infor m at ion pr ovided m anually by adm inist rat or s ( st at ic bindings) .
I P sour ce guar d consist s of t he following feat ur es:
•
St at ic bindings. Use t his t o cr eat e st at ic bindings in t he binding t able.
•
DHCP snooping. Use t his t o filt er unaut hor ized DHCP packet s on t he net w or k and t o build t he
binding t able dynam ically.
•
ARP inspect ion. Use t his t o filt er unaut hor ized ARP packet s on t he net w or k.
I f you want t o use dynam ic bindings t o filt er unaut hor ized ARP packet s ( t ypical im plem ent at ion) ,
you have t o enable DHCP snooping befor e you enable ARP inspect ion.
26.2 IP Source Guard Screen
Use t his scr een t o go t o t he configurat ion scr eens w her e you can configur e I Pv4 or I Pv6 source
guard set t ings. Click Adv a n ce d Applica t ion > I P Sou r ce Gu a r d in t he navigat ion panel.
Содержание GS2210-24
Страница 18: ...18 PART I User s Guide ...
Страница 33: ...33 PART II Technical Reference ...
Страница 110: ...Chapter 9 VLAN GS2210 Series User s Guide 110 Figure 83 Advanced Application VLAN Port Based VLAN Setup All Connected ...
Страница 111: ...Chapter 9 VLAN GS2210 Series User s Guide 111 Figure 84 Advanced Application VLAN Port Based VLAN Setup Port Isolation ...
Страница 178: ...Chapter 21 Classifier GS2210 Series User s Guide 178 Figure 127 Classifier Example ...
Страница 405: ...Chapter 51 Configure Clone GS2210 Series User s Guide 405 Figure 286 Management Configure Clone ...
Страница 433: ...Appendix D Legal Information GS2210 Series User s Guide 433 Environmental Product Declaration ...