Difference between revisions of "Netband Project - IP Source Guard"

Revision as of 10:49, 14 April 2009

<accesscontrol>NetBand</accesscontrol> This page is part of the Netband Project

IP source guard is a security feature that restricts IP traffic on nonrouted, Layer 2 interfaces by filtering traffic based on the DHCP snooping binding database and on manually configured IP source bindings. You can use IP source guard to prevent traffic attacks caused when a host tries to use the IP address of its neighbor.
IP source guard is supported only on Layer 2 ports, including access and trunk ports
An ACL is applied to the interface, which allows only IP traffic with a source IP address in the IP source binding table and denies all other traffic.
Filtering options
- Source IP address
  - The switch forwards IP traffic when the source IP address matches an entry in the DHCP snooping binding database or a binding in the IP source binding table.
- Source IP and MAC Address
  - The switch forwards traffic only when the source IP and MAC addresses match an entry in the IP source binding table.

@@ Line 5: / Line 5: @@
 *IP source guard is supported only on Layer 2 ports, including access and trunk ports
 * An ACL is applied to the interface, which allows only IP traffic with a source IP address in the IP source binding table and denies all other traffic.
-*Filtering options
+*'''Filtering options'''
 **Source IP address
 ***The switch forwards IP traffic when the source IP address matches an entry in the DHCP snooping binding database or a binding in the IP source binding table.
 **Source IP and MAC Address
 ***The switch forwards traffic only when the source IP and MAC addresses match an entry in the IP source binding table.