LevelOne GSW-4876 User Manual

Page 113


CHAPTER 4 | Configuring the Switch

Configuring Security


When enabled, traffic is filtered based upon dynamic entries learned via DHCP snooping (see "Configuring DHCP Snooping"), or static addresses configured in the source guard binding table.

If IP source guard is enabled, an inbound packet’s IP address will be checked against the binding table. If no matching entry is found, the packet will be dropped.

Filtering rules are implemented as follows:

- If DHCP snooping is disabled (see page 108), IP source guard will check the VLAN ID, source IP address, and port number. If a matching entry is found in the binding table and the entry type is static IP source guard binding, the packet will be forwarded.
- If DHCP snooping is enabled, IP source guard will check the VLAN ID, source IP address, and port number. If a matching entry is found in the binding table and the entry type is static IP source guard binding, or dynamic DHCP snooping binding, the packet will be forwarded.
- If IP source guard is enabled on an interface for which IP source bindings have not yet been configured (neither by static configuration in the IP source guard binding table nor dynamically learned from DHCP snooping), the switch will drop all IP traffic on that port, except for DHCP packets.
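The three filtering rules above, modeled as an added Python example (not code from the manual or the switch firmware). The names Binding, Packet, verdict and unbound_ports and the sample addresses are constructed for illustration; unbound_ports lists the guarded ports that the third rule would restrict to DHCP only.

```python
from dataclasses import dataclass

STATIC, DYNAMIC = "static", "dhcp-snooping"   # binding entry types

@dataclass(frozen=True)
class Binding:
    vlan: int
    ip: str
    port: int
    kind: str

@dataclass(frozen=True)
class Packet:
    vlan: int
    src_ip: str
    port: int
    is_dhcp: bool = False

def verdict(pkt, table, guard_ports, dhcp_snooping):
    """Model the three filtering rules; returns 'forward' or 'drop'."""
    if pkt.port not in guard_ports:
        return "forward"                      # guard not enabled on this port
    on_port = [b for b in table if b.port == pkt.port]
    if not on_port:
        # Rule 3: no static or learned binding yet, so only DHCP passes.
        return "forward" if pkt.is_dhcp else "drop"
    # Rules 1 and 2: dynamic entries count only while DHCP snooping is enabled.
    # Assumption: DHCP packets on a port that has bindings are matched like
    # any other IP packet; the manual does not describe that case.
    allowed = {STATIC, DYNAMIC} if dhcp_snooping else {STATIC}
    hit = any(b.vlan == pkt.vlan and b.ip == pkt.src_ip and b.kind in allowed
              for b in on_port)
    return "forward" if hit else "drop"

def unbound_ports(table, guard_ports):
    """Ports that would pass only DHCP if the guard were enabled now."""
    return sorted(set(guard_ports) - {b.port for b in table})

# Constructed sample data (documentation addresses, not from the manual).
TABLE = [Binding(10, "192.0.2.10", 1, STATIC),
         Binding(10, "192.0.2.20", 2, DYNAMIC)]
GUARD_PORTS = {1, 2, 3}

if __name__ == "__main__":
    for p in (Packet(10, "192.0.2.10", 1), Packet(10, "192.0.2.99", 1),
              Packet(10, "192.0.2.20", 2), Packet(10, "192.0.2.30", 3),
              Packet(10, "0.0.0.0", 3, is_dhcp=True)):
        print(p, verdict(p, TABLE, GUARD_PORTS, dhcp_snooping=True))
    print("ports with no bindings:", unbound_ports(TABLE, GUARD_PORTS))
```

Running unbound_ports against the planned binding table before enabling the port mode shows which ports would lose all non-DHCP IP traffic.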

PARAMETERS

These parameters are displayed:

Global Configuration

Mode – Enables or disables IP Source Guard globally on the switch. All configured ACEs will be lost when enabled. (Default: Disabled)

NOTE: DHCP snooping must be enabled for dynamic clients to be learned automatically.

Translate dynamic to static – Click to translate all dynamic entries to static entries.

Port Mode Configuration

Port – Port identifier

Mode – Enables or disables IP Source Guard on the specified ports. Only when both Global Mode and Port Mode on a given port are enabled will ARP Inspection take effect on that port. (Default: Disabled)

Max Dynamic Clients – Specifies the maximum number of dynamic clients that can be learned on given ports. This value can be 0, 1, 2 or unlimited. If the port mode is enabled and the maximum number of
