Table of Contents
Advertisement
Raisecom
ISCOM2600G-HI (A) Series Configuration Guide
permitted to forward normally. Otherwise, the user is an attacker and the IP packets are
discarded.
10.8.2 Preparing for configurations
Scenario
There are often some IP source spoofing attacks on the network. For example, the attacker
forges legal users to send IP packets to the server, or the attacker forges the source IP address
of another user to communicate. This prevents legal users from accessing network services
normally.
With IP Source Guard binding, you can filter and control packets forwarded by the interface,
prevent the illegal packets from passing through the interface, thus to restrict the illegal use of
network resources and improve the interface security.
Prerequisite
Enable DHCP Snooping if there are DHCP users.
10.8.3 Default configurations of IP Source Guard
Default configurations of IP Source Guard are as below.
IP Source Guard static binding
IP Source Guard dynamic binding
Interface trust status
10.8.4 Configuring interface trust status of IP Source Guard
Configure the interface trust status of IP Source Guard for the ISCOM2600G-HI series switch
as below.
Step
1
2
3
Function
Command
Raisecom#config
Raisecom(config)#
interface
interface-type
interface-number
Raisecom(config-
gigaethernet1/1/p
ort)#ip verify
source trust
Raisecom Proprietary and Confidential
Copyright © Raisecom Technology Co., Ltd.
Disable
Disable
Untrusted
Description
Enter global configuration mode.
Enter physical layer interface configuration mode.
(Optional) configure the interface to a trusted interface.
Use the no ip verify source trust command to configure
the interface as an untrusted interface. In this case, all
packets, except DHCP packets and IP packets that meet
binding relation, are not forwarded. When the interface
is in trusted status, all packets are forwarded normally.
10 Security
Default value
440
Advertisement
Table of Contents
