Ruijie Community

Title: Descriptions of the Security Function of the Switch [Print this page]

Author: admin Time: 2017-5-3 16:53
Title: Descriptions of the Security Function of the Switch

Descriptions of the Security Function of the Switch

Author: admin Time: 2017-5-3 16:53

IP Source Guard + DHCP Snooping

DHCP Snooping maintains a database of user IP address, and provides data in the database to the IP Source Guard function for filtering so that only users who obtain IP addresses over DHCP can access the network. In this way, IP Source Guard + DHCP Snooping prevent users from setting static IP addresses at discretion.

The IP Source Guard function maintains an source IP address database, and sets user information (VLAN, MAC address, IP address, and port) in the database as hardware filtering entries so that only users whose information match the database can access the network.

The IP Source Guard conducts effective security control in DHCP according to the bound source IP address database. The IP Source Guard automatically synchronizes data of valid users in the database bound to the DHCP Snooping to the source IP address database bound to the IP Source Guard. In this way, the IP Source Guard can stringently filter client packets on the device where DHCP Snooping is enabled. ------Note: You can run the show ip source binding command to display the user IP addresses + MAC addresses bound to ip verify source.

In DHCP Snooping, the IP Source Guard must be enabled if ARP-check needs to be enabled. The configuration is as follows:

ip dhcp snooping

interface 0/x

ip verify source

arp-check

Welcome to Ruijie Community (https://community.ruijienetworks.com/)