beautypg.com

Dhcp snooping interface configuration table, Ip source guard – Brocade 6910 Ethernet Access Switch MIB Reference User Manual

Page 76

background image

64

Brocade 6910 Ethernet Access Switch MIB Reference

53-1002652-02

9

IP Source Guard

DHCP Snooping Interface configuration table

IP Source Guard

IP Source Guard is a security feature that restricts IP traffic on untrusted ports. IP Source Guard
filters traffic based on the DHCP snooping binding database or the manually configured IP source
bindings.

When IP Source Guard is first enabled, only DHCP packets are allowed and all IP traffic is blocked.
When the system learns a valid IP address, IP Source Guard then allows IP traffic. Only the traffic
with valid source IP addresses is permitted.

SNMP IP Source Guard MIB objects manage information for the configuration of the IP Source
Guard feature. There are three tables for IP Source Guard:

fdryIpSrcGuardIfConfigTable - enables or disables IP Source Guard on each physical interface.

fdryIpSrcGuardPortVlanConfigTable - enables or disables IP Source Guard on a port on a VLAN.
(Not provided by this switch.)

fdryIpSrcGuardBindTable - provides the IP addresses used for IP Source Guard purposes at
each physical interface, with or without specific VLAN memberships. (To be provided at a later
date.)

Name, Identifier, and Syntax

Access

Description

fdryDhcpSnoopIfConfigTable
brcdIp.1.1.3.36.3.1

N/A

This table allows you to configure the trust state for
DHCP Snooping at each physical interface.

fdryDhcpSnoopIfConfigEntry
brcdIp.1.1.3.36.3.1.1

N/A

A row instance contains the configuration to enable or
disable the trust state for DHCP Snooping at each
physical interface capable of this feature. It is indexed
by the ifIndex.

fdryDhcpSnoopIfTrustValue
brcdIp.1.1.3.36.3.1.1.1
Syntax: TruthValue

Read-write

This object indicates whether the interface is trusted
for DHCP Snooping.
If this object is set to “true”, the interface is trusted.
DHCP packets coming to this interface will be
forwarded without checking.
If this object is set to “false”, the interface is not
trusted. DHCP packets received on this interface will be
subjected to DHCP checks.

See also other documents in the category Brocade Computer Accessories: