What You Need To Know; Ip Source Guard - ZyXEL Communications GS2200-24 User Manual
Intelligent layer 2gbe switch
Hide thumbs
Also See for GS2200-24:
- User manual (360 pages) ,
- Specifications (4 pages) ,
- Manual (332 pages)
Table of Contents
Advertisement
Chapter 26 IP Source Guard
• Use the DHCP VLAN Configure screen
DHCP snooping on each VLAN and to specify whether or not the Switch adds
DHCP relay agent option 82 information to DHCP requests that the Switch relays
to a DHCP server for each VLAN.
• Use the ARP Inspection Status screen
the current list of MAC address filters that were created because the Switch
identified an unauthorized ARP packet.
• Use the ARP Inspection VLAN Status screen
look at various statistics about ARP packets in each VLAN.
• Use the ARP Inspection Log Status screen
look at log messages that were generated by ARP packets and that have not
been sent to the syslog server yet.
• Use the ARP Inspection Configure screen
enable ARP inspection on the Switch. You can also configure the length of time
the Switch stores records of discarded ARP packets and global settings for the
ARP inspection log.
• Use the ARP Inspection Port Configure screen
232) to specify whether ports are trusted or untrusted ports for ARP inspection.
• Use the ARP Inspection VLAN Configure screen
234) to enable ARP inspection on each VLAN and to specify when the Switch
generates log messages for receiving ARP packets from each VLAN.
26.3 What You Need to Know
The Switch builds the binding table by snooping DHCP packets (dynamic bindings)
and from information provided manually by administrators (static bindings).
IP source guard consists of the following features:
• Static bindings. Use this to create static bindings in the binding table.
• DHCP snooping. Use this to filter unauthorized DHCP packets on the network
and to build the binding table dynamically.
• ARP inspection. Use this to filter unauthorized ARP packets on the network.
If you want to use dynamic bindings to filter unauthorized ARP packets (typical
implementation), you have to enable DHCP snooping before you enable ARP
inspection.
26.4 IP Source Guard
Use this screen to look at the current bindings for DHCP snooping and ARP
inspection. Bindings are used by DHCP snooping and ARP inspection to distinguish
216
(Section 26.7.2 on page
(Section 26.8 on page
(Section 26.9 on page
(Section 26.10 on page
(Section 26.11 on page
(Section 26.11.1 on page
(Section 26.11.2 on page
GS2200-24 User's Guide
225) to enable
227) to look at
228) to
229) to
230) to
Advertisement
Table of Contents
Troubleshooting
