SMC Networks TigerAccess SMC7816M User Manual

C

LIENT

S

ECURITY

7-6

• If the IP source guard is enabled, an inbound packet’s IP address (sip

option) or both its IP address and corresponding MAC address (sip-mac
option) will be checked against the binding table. If no matching entry is
found, the packet will be dropped.

• Filtering rules are implemented as follows:

- If the DHCP snooping is disabled (see page 21-13), IP source guard

will check the VLAN ID, source IP address, port number, and source
MAC address (for the sip-mac option). If a matching entry is found in
the binding table and the entry type is static IP source guard binding,
the packet will be forwarded.

- If the DHCP snooping is enabled, IP source guard will check the

VLAN ID, source IP address, port number, and source MAC address
(for the sip-mac option). If a matching entry is found in the binding
table and the entry type is static IP source guard binding, or dynamic
DHCP snooping binding, the packet will be forwarded.

- If IP source guard if enabled on an interface for which IP source

bindings have not yet been configured (neither by static configuration
in the IP source guard binding table nor dynamically learned from
DHCP snooping), the switch will drop all IP traffic on that port,
except for DHCP packets.

Command Attributes

IP Source Guard Binding

• Binding Counts – The number of static binding entries in the table.
• Current Binding Table – All static entries in the binding table.
• Port – The port to which a staic entry is bound.
• MAC Address – A valid unicast MAC address.
• VLAN – ID of a configured VLAN (Range: 1-4094)
• IP Address – A valid unicast IP address, including classful types A, B or

C.