Chapter 27 IP Source Guard
XGS4600 Series User’s Guide
296
C
HAPTER
27
IP Source Guard
27.1 IP Source Guard Overview
IP source guard uses a binding table to distinguish between authorized and unauthorized DHCP and
ARP packets in your network. A binding contains these key attributes:
• MAC address
• VLAN ID
• IP address
• Port number
When the Switch receives a DHCP or ARP packet, it looks up the appropriate MAC address, VLAN ID, IP
address, and port number in the binding table. If there is a binding, the Switch forwards the packet. If
there is not a binding, the Switch discards the packet.
The Switch builds the binding table by snooping DHCP packets (dynamic bindings) and from information
provided manually by administrators (static bindings).
IP source guard consists of the following features:
• Static bindings. Use this to create static bindings in the binding table.
• DHCP snooping. Use this to filter unauthorized DHCP packets on the network and to build the binding
table dynamically.
• ARP inspection. Use this to filter unauthorized ARP packets on the network.
If you want to use dynamic bindings to filter unauthorized ARP packets (typical implementation), you
have to enable DHCP snooping before you enable ARP inspection.
27.1.1 What You Can Do
• Use the
IP Source Guard
) to look at the current bindings for DHCP
snooping and ARP inspection.
• Use the
IP Source Guard Static Binding
screen (
) to manage static bindings
for DHCP snooping and ARP inspection.
27.1.2 What You Need to Know
The Switch builds the binding table by snooping DHCP packets (dynamic bindings) and from information
provided manually by administrators (static bindings).
IP source guard consists of the following features:
Содержание XGS4600 Series
Страница 24: ...24 PART I User s Guide ...
Страница 44: ...44 PART II Technical Reference ...
Страница 180: ...Chapter 13 Spanning Tree Protocol XGS4600 Series User s Guide 180 Figure 145 MSTP and Legacy RSTP Network Example ...
Страница 189: ...Chapter 16 Mirroring XGS4600 Series User s Guide 189 Figure 150 Advanced Application Mirroring Standalone Mode ...
Страница 244: ...Chapter 22 Policy Rule XGS4600 Series User s Guide 244 Figure 189 Policy Example EXAMPLE ...
Страница 277: ...Chapter 25 Multicast XGS4600 Series User s Guide 277 Figure 215 Advanced Application Multicast MVR Standalone Mode ...
Страница 559: ...Chapter 59 Access Control XGS4600 Series User s Guide 559 Figure 460 Example Lock Denoting a Secure Connection EXAMPLE ...
Страница 586: ...Chapter 69 Configure Clone XGS4600 Series User s Guide 586 Figure 479 Management Configure Clone Standalone Mode ...
Страница 587: ...Chapter 69 Configure Clone XGS4600 Series User s Guide 587 Figure 480 Management Configure Clone Stacking Mode ...
Страница 594: ...Chapter 71 Port Status XGS4600 Series User s Guide 594 Figure 485 Management Port Status Port Details Standalone Mode ...
Страница 604: ...604 PART III Troubleshooting and Appendices ...