Cisco Systems SG50028PK9NA Manual De Usuario
Security
DHCP Snooping
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
369
18
•
Interface—Select the interface on which the IP fragmentation is being
defined.
defined.
•
IP Address—Enter an IP network from which the fragmented IP packets is
filtered or select All Addresses to block IP fragmented packets from all
addresses. If you enter the IP address, enter either the mask or prefix length.
filtered or select All Addresses to block IP fragmented packets from all
addresses. If you enter the IP address, enter either the mask or prefix length.
•
Network Mask—Select the format for the subnet mask for the source IP
address, and enter a value in one of the field:
address, and enter a value in one of the field:
-
Mask—Select the subnet to which the source IP address belongs and
enter the subnet mask in dotted decimal format.
enter the subnet mask in dotted decimal format.
-
Prefix Length—Select the Prefix Length and enter the number of bits that
comprise the source IP address prefix.
comprise the source IP address prefix.
STEP 4
Click Apply. The IP fragmentation is defined, and the Running Configuration file is
updated.
updated.
DHCP Snooping
See
IP Source Guard
IP Source Guard is a security feature that can be used to prevent traffic attacks
caused when a host tries to use the IP address of its neighbor.
caused when a host tries to use the IP address of its neighbor.
When IP Source Guard is enabled, the device only transmits client IP traffic to IP
addresses contained in the DHCP Snooping Binding database. This includes both
addresses added by DHCP Snooping and manually-added entries.
addresses contained in the DHCP Snooping Binding database. This includes both
addresses added by DHCP Snooping and manually-added entries.
If the packet matches an entry in the database, the device forwards it. If not, it is
dropped.
dropped.
Interactions with Other Features
The following points are relevant to IP Source Guard: