Brocade Communications Systems Brocade Ethernet Access Switch 6910 User Manual

Page 949


Brocade 6910 Ethernet Access Switch Configuration Guide

899

53-1002581-01

IP Source Guard

41

When enabled, traffic is filtered based upon dynamic entries learned via DHCP snooping (see “DHCP Snooping” on page 903), or static addresses configured in the source guard binding table.

If IP source guard is enabled, an inbound packet’s IP address (SIP option) or both its IP address
and corresponding MAC address (SIP-MAC option) will be checked against the binding table. If
no matching entry is found, the packet will be dropped.

Filtering rules are implemented as follows:

If DHCP snooping is disabled (see page 904), IP source guard will check the VLAN ID,
source IP address, port number, and source MAC address (for the SIP-MAC option). If a
matching entry is found in the binding table and the entry type is static IP source guard
binding, the packet will be forwarded.

If DHCP snooping is enabled, IP source guard will check the VLAN ID, source IP address,
port number, and source MAC address (for the SIP-MAC option). If a matching entry is
found in the binding table and the entry type is static IP source guard binding, or dynamic
DHCP snooping binding, the packet will be forwarded.

If IP source guard is enabled on an interface for which IP source bindings have not yet been
configured (neither by static configuration in the IP source guard binding table nor
dynamically learned from DHCP snooping), the switch will drop all IP traffic on that port,
except for DHCP packets.

Parameters

These parameters are displayed:

Filter Type – Configures the switch to filter inbound traffic based on source IP address, or source
IP address and corresponding MAC address. (Default: None)

None – Disables IP source guard filtering on the port.

SIP – Enables traffic filtering based on IP addresses stored in the binding table.

SIP-MAC – Enables traffic filtering based on IP addresses and corresponding MAC
addresses stored in the binding table.

Max Binding Entry – The maximum number of entries that can be bound to an interface.
(Range: 1-5; Default: 5)

This parameter sets the maximum number of address entries that can be mapped to an
interface in the binding table, including both dynamic entries discovered by DHCP snooping
(see “DHCP Snooping” on page 903) and static entries set by IP source guard (see
“Configuring Static Bindings for IP Source Guard” on page 900).

Interface

To set the IP Source Guard filter for ports:

1. Click Security, IP Source Guard, Port Configuration.

2. Set the required filtering type for each port.

3. Click Apply.
