User manual

Chapter 26 IP Source Guard
GS2210 Series User’s Guide
26.1 IP Source Guard Overview
Use IPv4 and IPv6 source guard to filter unauthorized DHCP and ARP packets in your network.
IP source guard uses a binding table to distinguish between authorized and unauthorized DHCP and
ARP packets in your network. A binding contains these key attributes:
MAC address
VLAN ID
IP address
Port number
When the Switch receives a DHCP or ARP packet, it looks up the appropriate MAC address, VLAN ID, IP
address, and port number in the binding table. If there is a binding, the Switch forwards the packet. If
there is not a binding, the Switch discards the packet.
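The lookup described above can be modeled in a few lines. This is an added example, not code from the Switch or from this guide. It covers only the four-attribute match, and the names Entry, BindingTable and check, the reason strings, and all sample addresses are assumptions made for illustration.

```python
from collections import namedtuple
# The four key attributes of a binding; also used to describe a received packet.
Entry = namedtuple("Entry", "mac vlan ip port")

def norm_mac(mac):
    """Canonical form so 00-1A-2B-... and 00:1a:2b:... compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

class BindingTable:
    def __init__(self, bindings):
        self.by_mac_vlan = {}  # (mac, vlan) -> set of (ip, port)
        for b in bindings:
            key = (norm_mac(b.mac), b.vlan)
            self.by_mac_vlan.setdefault(key, set()).add((b.ip, b.port))

    def check(self, pkt):
        """Return (verdict, reason) for a DHCP or ARP packet received on pkt.port."""
        bound = self.by_mac_vlan.get((norm_mac(pkt.mac), pkt.vlan))
        if not bound:
            return "discard", "no binding for this MAC in this VLAN"
        if (pkt.ip, pkt.port) in bound:
            return "forward", "all four attributes match a binding"
        wrong = []  # name the attribute(s) that no binding for this MAC/VLAN has
        if pkt.ip not in {ip for ip, _ in bound}:
            wrong.append("IP address")
        if pkt.port not in {port for _, port in bound}:
            wrong.append("port")
        return "discard", "mismatch: " + ", ".join(wrong or ["IP/port pair"])

# Constructed sample data: documentation IP range, made-up MACs and port numbers.
TABLE = BindingTable([
    Entry("00:1a:2b:00:00:01", 10, "192.0.2.1", 1),    # gateway
    Entry("00:1a:2b:00:00:02", 10, "192.0.2.20", 5),   # workstation
])
PACKETS = {
    "legitimate host": Entry("00-1A-2B-00-00-02", 10, "192.0.2.20", 5),
    "claims gateway IP": Entry("00:1a:2b:00:00:02", 10, "192.0.2.1", 5),
    "moved to other port": Entry("00:1a:2b:00:00:02", 10, "192.0.2.20", 7),
    "unknown device": Entry("00:1a:2b:00:00:99", 10, "192.0.2.50", 7),
}

def run():
    return {name: TABLE.check(p) for name, p in PACKETS.items()}

if __name__ == "__main__":
    for name, (verdict, reason) in run().items():
        print(f"{name:20} {verdict:8} {reason}")
```

Only the first packet is forwarded. The workstation that claims the gateway's IP address is discarded even though its MAC address, VLAN ID and port are all known, because the binding must match on all four attributes together.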
26.1.1 What You Can Do
Use the IP Source Guard screen (Section 26.2 on page 225) to display the links to the configuration
screens where you can configure IPv4 or IPv6 source guard settings.
Use the IPv4 Source Guard Setup screen (Section 26.3 on page 225) to look at the current bindings for
DHCP snooping and ARP inspection.
Use the IP Source Guard Static Binding screen (Section 26.4 on page 226) to manage static bindings
for DHCP snooping and ARP inspection.
Use the DHCP Snooping screen (Section 26.5 on page 228) to look at various statistics about the DHCP
snooping database.
Use the DHCP Snooping Configure screen (Section 26.6 on page 231) to enable DHCP snooping on
the Switch (not on a specific VLAN), specify the VLAN where the default DHCP server is located, and
configure the DHCP snooping database.
Use the DHCP Snooping Port Configure screen (Section 26.6.1 on page 233) to specify whether ports
are trusted or untrusted ports for DHCP snooping.
Use the DHCP Snooping VLAN Configure screen (Section 26.6.2 on page 234) to enable DHCP
snooping on each VLAN and to specify whether or not the Switch adds DHCP relay agent option 82
information to DHCP requests that the Switch relays to a DHCP server for each VLAN.
Use the DHCP Snooping VLAN Port Configure screen (Section 26.6.3 on page 235) to apply a different
DHCP option 82 profile to certain ports in a VLAN.
Use the ARP Inspection Status screen (Section 26.7 on page 237) to look at the current list of MAC
address filters that were created because the Switch identified an unauthorized ARP packet.