10 ip source guard configuration – PLANET IGS-10020HPT User Manual

User’s Manual of IGS-10020HPT

296

4.12.10 IP Source Guard Configuration

IP Source Guard is a secure feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic based on the

DHCP Snooping Table or manually configured IP Source Bindings. It helps prevent IP spoofing attacks when a host tries to

spoof and use the IP address of another host. This page provides IP Source Guard related configuration. The IP Source Guard

Configuration screen in

Figure 4-12-10

appears.

Figure 4-12-10:

IP Source Guard Configuration Screen Page Screenshot

The page includes the following fields:

Object

Description

 Mode of IP Source

Guard Configuration

Enable the Global IP Source Guard or disable the Global IP Source Guard. All

configured ACEs will be lost when the mode is enabled.

 Port Mode

Configuration

Specify IP Source Guard is enabled on which ports. Only when both Global Mode

and Port Mode on a given port are enabled, IP Source Guard is enabled on this

given port. All means all ports will have one specific setting.

 Max Dynamic Clients

Specify the maximum number of dynamic clients can be learned on given

ports. This value can be 0, 1, 2 and unlimited. If the port mode is enabled

and the value of max dynamic client is equal 0, it means only allow the IP