ā06-08-2012 05:16 PM - edited ā03-07-2019 07:09 AM
Hi everybody.
Ip source guard uses dhcp binding table or static binding to dynamically create acl.
h1-------f1/1sw-------dhcp server
sw is configured with ip source guard on its port f1/1
h1 just powers up and needs an ip address so it sends an broadcast looking for dhcp server. The switch receives the broadcast frame from h1.How will switch react?( keep in mind, there is no dhcp binding as it is the very first frame from h1. Also src ip in received frame from h1, is blank i.e 0.0.0.0)
thanks and have a great weekend.
Solved! Go to Solution.
ā06-08-2012 05:28 PM
Hi Sarah,
From the config guide:
Initially, all IP traffic on the protected port is blocked except for DHCP packets. After a client receives
an IP address from the DHCP server, or after static IP source binding is configured by the administrator,
all traffic with that IP source address is permitted from that client. Traffic from other hosts is denied.
This filtering limits a hostās ability to attack the network by claiming a neighbor hostās IP address.
IP Source Guard is a port-based feature that automatically creates an implicit port access control list
Here is the link:
HTH
Have a nice weekend
ā06-08-2012 05:28 PM
Hi Sarah,
From the config guide:
Initially, all IP traffic on the protected port is blocked except for DHCP packets. After a client receives
an IP address from the DHCP server, or after static IP source binding is configured by the administrator,
all traffic with that IP source address is permitted from that client. Traffic from other hosts is denied.
This filtering limits a hostās ability to attack the network by claiming a neighbor hostās IP address.
IP Source Guard is a port-based feature that automatically creates an implicit port access control list
Here is the link:
HTH
Have a nice weekend
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide