R2511-HP MSR Router Series Security Configuration Guide(V5)
414
IP source guard uses static IPv4 source guard binding entries on a port to filter IPv4 packets received by
the port.
Dynamic IP source guard binding entries
Dynamic IP source guard binding entries are generated dynamically according to client entries on the
DHCP snooping device. They are applicable in cases where many hosts reside on a LAN and obtain IP
addresses through DHCP.
Once DHCP allocates an IP address to a client, the DHCP snooping device generates a snooping entry.
Based on the entry, IP source guard adds a binding entry automatically. It allows the client to access the
network. Users with IP addresses not obtained through DHCP cannot access the network.
Dynamic IPv4 source guard binding entries are generated dynamically based on DHCP snooping entries
to filter incoming IPv4 packets on a port.
For information about DHCP snooping, see Layer 3—IP Services Configuration Guide.
IPv4 source guard configuration task list
To configure IPv4 source guard:
Task Remarks
Enabling IPv4 source guard on a port Required.
Configuring a static IPv4 source guard binding entry Optional.
Setting the maximum number of IPv4 source guard binding entries Optional.
Configuring IPv4 source guard
The following matrix shows the feature and router compatibility:
Hardware IPv4 source guard function IPv4 binding entries
Configured on
multi
p
le
p
orts
MSR900 Yes on Layer 2 fixed Ethernet ports.
Yes.
Supports only static binding
entries.
Yes.
MSR93X Yes on Layer 2 fixed Ethernet ports.
Yes.
Supports only dynamic MAC-port
binding entries.
Yes.
MSR20-1X No. No. No.
MSR20 No. No. No.