Ip source guard interfaces, Configure ip source guard on an interface – NETGEAR AV Line M4250 GSM4210PX 8-Port Gigabit PoE+ Compliant Managed AV Switch with SFP (220W) User Manual
Page 615
Table 156. DHCPv6 Snooping Statistics information
Description
Field
The number of DHCPv6 messages that were dropped because the source MAC
address and client hardware address did not match. MAC address verification is
performed only if it is globally enabled.
MAC Verify Failures
The number of packets that were dropped by DHCPv6 snooping because the interface
and VLAN on which the packet was received do not match the client’s interface and
VLAN information stored in the binding database.
Client Ifc Mismatch
The number of DHCPv6 server messages that were dropped on an untrusted port.
DHCPv6 Server Msgs
IP source guard interfaces
You can configure IP source guard (IPSG) on individual interfaces. IPSG is a security
feature that filters IP packets based on source ID. This feature helps protect the network
from attacks that use IP address spoofing to compromise or overwhelm the network.
The source ID can be either the source IP address or a combination of a source IP address
and source MAC address, referred to as a pair. The DHCP snooping bindings database,
along with IPSG entries in the database, identify authorized source IDs.
If you enable IPSG on a port on which DHCP snooping is disabled or on which DHCP
snooping is enabled but the port is untrusted, all IP traffic received on that port is
dropped. In addition, IPSG interacts with port security (see Port security on page 567) to
enforce the source MAC address in incoming packets. Port security controls how source
MAC addresses are learned in the Layer 2 forwarding database (the MAC address table).
If a port receives a frame with a previously unlearned source MAC address, port security
uses IPSG to determine if the MAC address belongs to a valid binding.
Configure IP source guard on an interface
You can configure IP source guard on individual interfaces.
To configure IP source guard on an interface:
1. Launch a web browser.
2. In the address field of your web browser, enter the IP address of the switch.
The login page displays.
3. Click the Main UI Login button.
The main UI login page displays in a new tab.
Main User Manual
615
Manage Switch Security
AV Line of Fully Managed Switches M4250 Series Main User Manual