IPv4 and IPv6 Source Guard allow for the administrative control of which clients can transmit or receive data to/from a switch port.
By default, a switch port dynamically learns any downstream clients and updates its MAC address table accordingly.
With IP Source Guard, the switch port can be configured with a maximum number of dynamically learned clients. Additionally, static bindings can be created, which add static entries to the MAC address table.
IP Source Guard operates in a similar fashion to Dynamic ARP Inspection. Where Dynamic ARP Inspection is designed to prevent ARP spoofing attacks, IP Source Guard is designed to prevent IP spoofing attacks.
IP Source Guard uses the DHCP Snooping Database to verify the authenticity of a host’s IP address.
Configuration
FLEX24-10G# configure terminal
FLEX24-10G(config)# interface GigabitEthernet 1/1
FLEX24-10G(config-if)# ip verify source
FLEX24-10G(config-if)# ip verify source limit 1
FLEX24-10G(config-if)# ipv6 verify source
FLEX24-10G(config-if)# ipv6 verify source limit 2
FLEX24-10G(config-if)# end
FLEX24-10G# copy running-config startup-config
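The following Python model is an added illustration, not the switch's own code or anything from the Admin Guide. It shows how a per-port limit of 1 dynamic client, a static binding, and bindings learned through DHCP Snooping combine to decide which source addresses a port accepts. The class and function names and the sample MAC/IP values are constructed, and it assumes that bindings match on the MAC/IP pair and that static bindings do not count toward the dynamic limit.

```python
# Conceptual model of IP Source Guard on a single port (not vendor firmware).
from dataclasses import dataclass, field

# Constructed sample hosts using documentation-reserved MAC and IP ranges.
PRINTER, LAPTOP, SECOND = "00:00:5e:00:53:10", "00:00:5e:00:53:01", "00:00:5e:00:53:02"

@dataclass
class SourceGuardPort:
    limit: int                                  # models "ip verify source limit N"
    static: set = field(default_factory=set)    # administrator-created (mac, ip) bindings
    dynamic: set = field(default_factory=set)   # bindings taken from DHCP snooping

    def learn_from_dhcp(self, mac: str, ip: str) -> bool:
        """Install a dynamic binding for a lease observed by DHCP snooping."""
        binding = (mac.lower(), ip)
        if binding in self.static or binding in self.dynamic:
            return True
        if len(self.dynamic) >= self.limit:     # assumption: static entries are not counted
            return False
        self.dynamic.add(binding)
        return True

    def release(self, mac: str, ip: str) -> None:
        """Remove a dynamic binding when its lease ends."""
        self.dynamic.discard((mac.lower(), ip))

    def permit(self, src_mac: str, src_ip: str) -> bool:
        """Accept traffic only if its source MAC/IP pair has a binding."""
        binding = (src_mac.lower(), src_ip)
        return binding in self.static or binding in self.dynamic

def run_demo() -> dict:
    port = SourceGuardPort(limit=1)
    port.static.add((PRINTER, "192.0.2.10"))
    return {
        "first_lease_learned": port.learn_from_dhcp(LAPTOP, "192.0.2.50"),
        "second_lease_learned": port.learn_from_dhcp(SECOND, "192.0.2.51"),
        "laptop_own_ip": port.permit(LAPTOP, "192.0.2.50"),
        "laptop_spoofed_ip": port.permit(LAPTOP, "192.0.2.1"),
        "second_client": port.permit(SECOND, "192.0.2.51"),
        "static_printer": port.permit(PRINTER, "192.0.2.10"),
    }

if __name__ == "__main__":
    for check, verdict in run_demo().items():
        print(f"{check}: {verdict}")
```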
Refer to the Admin Guide for all the advanced settings available in the switch. You’ll find additional resources like the Datasheet, Admin Guide, A&E spec sheet, etc. on the product page.