
ip source guard

carl_townshend
Spotlight

Hi all, I have heard of IP Source Guard. Can anyone tell me what it is?

1 Reply

bjw
Level 4

Simply put, it provides layer 2 port protection to ensure that a specific host IP is the only device allowed to work on a layer 2 switch port. This is combined with IP DHCP Snooping, and IP ARP inspection can also be used to ensure that only devices with valid MAC/IP combinations are allowed to communicate on a switch.

See this snippet:

Overview of IP Source Guard

Similar to DHCP snooping, this feature is enabled on a DHCP snooping untrusted Layer 2 port. Initially, all IP traffic on the port is blocked except for DHCP packets that are captured by the DHCP snooping process. When a client receives a valid IP address from the DHCP server, or when a static IP source binding is configured by the user, a per-port and VLAN Access Control List (PVACL) is installed on the port. This process restricts the client IP traffic to those source IP addresses configured in the binding; any IP traffic with a source IP address other than that in the IP source binding will be filtered out. This filtering limits a host's ability to attack the network by claiming a neighbor host's IP address.

In:

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/20ew/configuration/guide/dhcp.html#wp1083306
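
The filtering behaviour described in the quoted overview, as an added example that is not part of the reply or of Cisco's documentation: a small Python model of the per-port and VLAN filter. The class and function names, port names and addresses are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class Packet:
    port: str
    vlan: int
    src_ip: str
    is_dhcp: bool = False  # DHCP is captured by snooping, not filtered here


class SourceGuard:
    """Toy model of the per-port/VLAN source filter on an untrusted port."""

    def __init__(self):
        self.bindings = {}  # (port, vlan) -> set of permitted source IPs
        self.drops = []     # filtered packets, kept for later review

    def add_binding(self, port, vlan, ip):
        # Stands in for a snooped DHCP lease or a static IP source binding.
        self.bindings.setdefault((port, vlan), set()).add(ip_address(ip))

    def permit(self, pkt):
        if pkt.is_dhcp:
            return True  # the client must still be able to obtain a lease
        allowed = self.bindings.get((pkt.port, pkt.vlan), set())
        if ip_address(pkt.src_ip) in allowed:
            return True
        self.drops.append(pkt)  # no binding, or source IP differs from it
        return False


def demo():
    """Replay constructed traffic on two access ports in VLAN 10."""
    sg = SourceGuard()
    results = [
        # Before any binding exists: IP is blocked, DHCP is let through.
        sg.permit(Packet("Gi2/1", 10, "10.0.10.25")),
        sg.permit(Packet("Gi2/1", 10, "0.0.0.0", is_dhcp=True)),
    ]
    sg.add_binding("Gi2/1", 10, "10.0.10.25")  # lease learned on Gi2/1
    results += [
        sg.permit(Packet("Gi2/1", 10, "10.0.10.25")),  # bound address
        sg.permit(Packet("Gi2/1", 10, "10.0.10.26")),  # neighbor's address
        sg.permit(Packet("Gi2/2", 10, "10.0.10.25")),  # right IP, wrong port
    ]
    return results, sg
```
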
