beautypg.com

Ip source guard interfaces – NETGEAR M4350-24F4V 24-Port 10G SFP+ Managed AV Network Switch User Manual

Page 755

background image

6. Select whether to display physical interfaces, LAGs, or both by clicking one of the

following links above the table heading:

1 or Unit ID for a stacked switch:

-

1: If no switch stack is configured, the physical interfaces for the switch are
displayed.

-

Unit ID for a stacked switch: If a switch stack is configured, the physical
interfaces for the switch with the selected stack unit ID are displayed.

LAG: Only LAGs are displayed.

All: Both physical interfaces and LAGs are displayed, or for a switch stack, both
physical interfaces on all switches in the stack and LAGs are displayed.

7. Click the Clear button to clear all interfaces statistics.

8. To save the settings to the running configuration, click the Save icon.

The following table describes the DHCPv6 snooping statistics.

Table 171. DHCPv6 Snooping Statistics information

Description

Field

The number of DHCPv6 messages that were dropped because the source MAC
address and client hardware address did not match. MAC address verification is
performed only if it is globally enabled.

MAC Verify Failures

The number of packets that were dropped by DHCPv6 snooping because the interface
and VLAN on which the packet was received do not match the client’s interface and
VLAN information stored in the binding database.

Client Ifc Mismatch

The number of DHCPv6 server messages that were dropped on an untrusted port.

DHCPv6 Server Msgs

IP source guard interfaces

You can configure IP source guard (IPSG) on individual interfaces. IPSG is a security
feature that filters IP packets based on source ID. This feature helps protect the network
from attacks that use IP address spoofing to compromise or overwhelm the network.
The source ID can be either the source IP address or a combination of a source IP address
and source MAC address, referred to as a pair. The DHCP snooping bindings database,
along with IPSG entries in the database, identify authorized source IDs.

If you enable IPSG on a port on which DHCP snooping is disabled or on which DHCP
snooping is enabled but the port is untrusted, all IP traffic received on that port is
dropped. In addition, IPSG interacts with port security (see Port security on page 704) to
enforce the source MAC address in incoming packets. Port security controls how source
MAC addresses are learned in the Layer 2 forwarding database (the MAC address table).

Main User Manual

755

Manage Switch Security

Fully Managed Switches M4350 Series Main User Manual