ZyXEL Communications XGS-4526 사용자 설명서
XGS-4526/4528F/4728F User’s Guide
259
C
H A P T E R
2 6
IP Source Guard
Use IP source guard to filter unauthorized DHCP and ARP packets in your network.
26.1 IP Source Guard Overview
IP source guard uses a binding table to distinguish between authorized and
unauthorized DHCP and ARP packets in your network. A binding contains these
key attributes:
unauthorized DHCP and ARP packets in your network. A binding contains these
key attributes:
• MAC address
• VLAN ID
• IP address
• Port number
• VLAN ID
• IP address
• Port number
When the Switch receives a DHCP or ARP packet, it looks up the appropriate MAC
address, VLAN ID, IP address, and port number in the binding table. If there is a
binding, the Switch forwards the packet. If there is not a binding, the Switch
discards the packet.
address, VLAN ID, IP address, and port number in the binding table. If there is a
binding, the Switch forwards the packet. If there is not a binding, the Switch
discards the packet.
The Switch builds the binding table by snooping DHCP packets (dynamic bindings)
and from information provided manually by administrators (static bindings).
and from information provided manually by administrators (static bindings).
IP source guard consists of the following features:
• Static bindings. Use this to create static bindings in the binding table.
• DHCP snooping. Use this to filter unauthorized DHCP packets on the network
• DHCP snooping. Use this to filter unauthorized DHCP packets on the network
and to build the binding table dynamically.
• ARP inspection. Use this to filter unauthorized ARP packets on the network.
If you want to use dynamic bindings to filter unauthorized ARP packets (typical
implementation), you have to enable DHCP snooping before you enable ARP
inspection.
implementation), you have to enable DHCP snooping before you enable ARP
inspection.