GS2200-24 User’s Guide
221
C
H A P T E R
2 5
IP Source Guard
25.1 Overview
Use IP source guard to filter unauthorized DHCP and ARP packets in your network.
IP source guard uses a binding table to distinguish between authorized and
unauthorized DHCP and ARP packets in your network. A binding contains these
key attributes:
• MAC address
• VLAN ID
• IP address
• Port number
When the Switch receives a DHCP or ARP packet, it looks up the appropriate MAC
address, VLAN ID, IP address, and port number in the binding table. If there is a
binding, the Switch forwards the packet. If there is not a binding, the Switch
discards the packet.
25.1.1 What You Can Do
• Use the IP Source Guard screen (
) to look at the
current bindings for DHCP snooping and ARP inspection.
• Use the IP Source Guard Static Binding screen (
) to
manage static bindings for DHCP snooping and ARP inspection.
• Use the DHCP Snooping screen (
) to look at various
statistics about the DHCP snooping database.
• Use this DHCP Snooping Configure screen (
) to
enable DHCP snooping on the Switch (not on specific VLAN), specify the VLAN
where the default DHCP server is located, and configure the DHCP snooping
database.
• Use the DHCP Snooping Port Configure screen (
)
to specify whether ports are trusted or untrusted ports for DHCP snooping.
• Use the DHCP VLAN Configure screen (
) to enable
DHCP snooping on each VLAN and to specify whether or not the Switch adds
DHCP relay agent option 82 information to DHCP requests that the Switch relays
to a DHCP server for each VLAN.