IP Source Guard, Configuring Ports for IP Source Guard, Figure 225 s – Brocade Communications Systems Brocade Ethernet Access Switch 6910 User Manual
Brocade 6910 Ethernet Access Switch Configuration Guide
53-1002581-01
FIGURE 225 Showing Statistics for 802.1X Port Supplicant
IP Source Guard
IP Source Guard is a security feature that filters IP traffic on network interfaces based on manually
configured entries in the IP Source Guard table, or dynamic entries in the DHCP Snooping table
when enabled (see
on page 903). IP Source Guard can be used to prevent traffic
attacks caused when a host tries to use the IP address of a neighbor to access the network. This
section describes commands used to configure IP Source Guard.
Configuring Ports for IP Source Guard
Use the Security > IP Source Guard > Port Configuration page to set the filtering type based on
source IP address, or source IP address and MAC address pairs.
IP Source Guard is used to filter traffic on an insecure port which receives messages from outside
the network or firewall, and therefore may be subject to traffic attacks caused by a host trying to
use the IP address of a neighbor.
CLI References
•
Command Usage
• Setting source guard mode to SIP (Source IP) or SIP-MAC (Source IP and MAC) enables this
function on the selected port. Use the SIP option to check the VLAN ID, source IP address, and
port number against all entries in the binding table. Use the SIP-MAC option to check these
same parameters, plus the source MAC address. If no matching entry is found, the packet is
dropped.
NOTE
Multicast addresses cannot be used by IP Source Guard.