Dynamic Ipv4 Source Guard Entries; Configuration Task List - HP 10500 Series Configuration Manual
Security configuration guide
Hide thumbs
Also See for 10500 Series:
- Security configuration manual (596 pages) ,
- Configuration manual (512 pages) ,
- Specifications (42 pages)
Table of Contents
Advertisement
Global static binding entry
A global static binding entry is a MAC-IP binding entry configured in system view. It is effective on all
ports. A port forwards a packet when the packet's IP address and MAC address both match those of a
global static binding entry or a static binding entry configured on the port.
Global static binding entries are used to protect against host spoofing attacks, which exploit the IP
address or MAC address of a legal user host.
Port-based static binding entry
A port-based static binding entry binds an IP address, MAC address, VLAN, or any combination of the
three with a port. Such an entry is effective on only the specified port. A port forwards a packet only
when the IP address and MAC address of the packet all match those in a static binding entry on the port
or a global static binding entry. All other packets are dropped. IP source guard does not use the VLAN
information (if specified) in static binding entries to filter packets.
Port-based static binding entries are used to check the validity of users who are trying to access a port.
Dynamic IPv4 source guard entries
Dynamic IP source guard entries are generated dynamically according to client entries on the DHCP
snooping device or the DHCP relay agent device. They are applicable in cases where many hosts reside
on a LAN and obtain IP addresses through DHCP. Once DHCP allocates an IP address to a client, IP
source guard automatically adds the client entry to allow the client to access the network. Users with IP
addresses not obtained through DHCP cannot access the network.
Dynamic IPv4 source guard entries are generated dynamically based on DHCP snooping or DHCP relay
entries to filter incoming IPv4 packets on a port.
For information about DHCP snooping and DHCP relay, , see Layer 3—IP Services Configuration Guide.
Configuration task list
Configuring IPv4 source guard:
Task
Enabling IPv4 source guard on a port
Configuring a static IPv4 source guard entry
Setting the maximum number of IPv4 source guard entries allowed
on a port
Configuring IPv6 source guard:
Task
Enabling IPv6 source guard on a port
Configuring a static IPv6 source guard entry
Setting the maximum number of IPv6 source guard entries allowed
on a port
Remarks
Required.
Optional.
Optional.
Remarks
Required.
Optional.
Optional.
237
Advertisement
Table of Contents
Troubleshooting
