10 ip source guard configuration – Interlogix NS3550-8T-2S User Manual User Manual

244

4.12.10 IP Source Guard Configuration

IP Source Guard is a secure feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic based on the
DHCP Snooping Table or manually configured IP Source Bindings. It helps prevent IP spoofing attacks when a host tries to
spoof and use the IP address of another host. This page provides IP Source Guard related configuration. The IP Source Guard
Configuration screen in

Figure 4-12-10

appears.

Figure 4-12-10:

IP Source Guard Configuration Screen Page Screenshot

The page includes the following fields:

Object

Description

 Mode of IP Source

Guard Configuration

Enable the Global IP Source Guard or disable the Global IP Source Guard. All
configured ACEs will be lost when the mode is enabled.

 Port Mode

Configuration

Specify IP Source Guard is enabled on which ports. Only when both Global Mode
and Port Mode on a given port are enabled, IP Source Guard is enabled on this
given port. All means all ports will have one specific setting.

 Max Dynamic Clients

Specify the maximum number of dynamic clients can be learned on given
ports. This value can be 0, 1, 2 and unlimited. If the port mode is enabled
and the value of max dynamic client is equal 0, it means only allow the IP
packets forwarding that are matched in static entries on the specific port.

All

means all ports will have one specific setting.

Buttons

: Click to translate all dynamic entries to static entries.

: Click to save changes.

:

Click to undo any changes made locally and revert to previously saved values.