10 ip source guard configuration – Interlogix NS3550-2T-8S User Manual User Manual

IFS NS3552-8P-2S AND NS3550-2T-8S User Manual

282

4.12.10 IP Source Guard Configuration

IP Source Guard is a secure feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic based on the

DHCP Snooping Table or manually configured IP Source Bindings. It helps prevent IP spoofing attacks when a host tries to spoof

and use the IP address of another host. This page provides IP Source Guard related configuration. The IP Source Guard

Configuration screen in

Figure 4-12-10

appears.

Figure 4-12-10: IP Source Guard Configuration Screen Page Screenshot

The page includes the following fields:

Object

Description

• Mode of IP Source

Guard Configuration

Enable the Global IP Source Guard or disable the Global IP Source Guard. All
configured ACEs will be lost when the mode is enabled.

• Port Mode

Configuration

Specify IP Source Guard is enabled on which ports. Only when both Global Mode
and Port Mode on a given port are enabled, IP Source Guard is enabled on this
given port. All means all ports will have one specific setting.

• Max Dynamic Clients

Specify the maximum number of dynamic clients can be learned on given
ports. This value can be 0, 1, 2 and unlimited. If the port mode is enabled
and the value of max dynamic client is equal 0, it means only allow the IP
packets forwarding that are matched in static entries on the specific port.

All means all ports will have one specific setting.

Buttons