9 ip source guard – PLANET LRP-822CS User Manual
Page 259
User’s Manual of LRP-822CS
259
4.9.9 IP Source Guard
IP Source Guard is a secure feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic based on the
DHCP Snooping Table or manually configured IP Source Bindings. It helps prevent IP spoofing attacks when a host tries to
spoof and use the IP address of another host.
After receiving a packet, the port looks up the key attributes (including IP address, MAC address and VLAN tag) of the packet in
the binding entries of the IP source guard. If there is a matching entry, the port will forward the packet. Otherwise, the port will
abandon the packet.
IP source guard filters packets based on the following types of binding entries:
IP-port binding entry
MAC-port binding entry
IP-MAC-port binding entry