
ip source guard and no dhcp binding

sarahr202
Level 5

Hi everybody.

IP source guard uses the DHCP binding table or a static binding to dynamically create an ACL.

h1-------f1/1sw-------dhcp server

sw is configured with IP source guard on its port f1/1.

h1 just powers up and needs an IP address, so it sends a broadcast looking for a DHCP server. The switch receives the broadcast frame from h1. How will the switch react? (Keep in mind, there is no DHCP binding as it is the very first frame from h1. Also, the src IP in the received frame from h1 is blank, i.e. 0.0.0.0.)

Thanks and have a great weekend.

Accepted Solutions

Reza Sharifi
Hall of Fame

Hi Sarah,

From the config guide:

Initially, all IP traffic on the protected port is blocked except for DHCP packets. After a client receives an IP address from the DHCP server, or after static IP source binding is configured by the administrator, all traffic with that IP source address is permitted from that client. Traffic from other hosts is denied. This filtering limits a host's ability to attack the network by claiming a neighbor host's IP address.

IP Source Guard is a port-based feature that automatically creates an implicit port access control list

Here is the link:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/ipsrcgrd.pdf

HTH

Have a nice weekend
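
The filtering order quoted from the config guide, as an added example that is not part of the original posts or Cisco's code: a simplified Python model of a guarded port, walked through h1's first DHCP broadcast and the traffic that follows. The class and function names and the 10.0.0.x addresses are constructed for illustration, and identifying DHCP client packets by UDP ports 68 and 67 is an assumption of the model.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address

DHCP_CLIENT_PORT, DHCP_SERVER_PORT = 68, 67

@dataclass
class Packet:
    src_ip: str
    proto: str
    sport: int
    dport: int

@dataclass
class GuardedPort:
    """Hypothetical model of one switch port with IP source guard enabled."""
    name: str
    bindings: set = field(default_factory=set)  # source IPs permitted on this port

    def learn_binding(self, ip):
        # Models the point where the client has received an address from the
        # DHCP server, or an administrator has configured a static binding.
        self.bindings.add(ip_address(ip))

    def filter(self, pkt):
        # 1. DHCP client packets are let through even with no binding, so a
        #    DISCOVER sourced from 0.0.0.0 is not dropped.
        if (pkt.proto == "udp" and pkt.sport == DHCP_CLIENT_PORT
                and pkt.dport == DHCP_SERVER_PORT):
            return "permit-dhcp"
        # 2. Any other IP traffic must carry a source address bound to the port.
        if ip_address(pkt.src_ip) in self.bindings:
            return "permit-bound"
        # 3. Everything else is denied, including a neighbor's address.
        return "deny"

def walk_through():
    """Replay h1's boot sequence on port f1/1 with constructed packets."""
    port = GuardedPort("f1/1")
    results = []
    results.append(port.filter(Packet("0.0.0.0", "udp", 68, 67)))        # first DISCOVER
    results.append(port.filter(Packet("10.0.0.50", "tcp", 40000, 80)))   # no binding yet
    port.learn_binding("10.0.0.50")                                       # lease granted to h1
    results.append(port.filter(Packet("10.0.0.50", "tcp", 40000, 80)))   # h1's own address
    results.append(port.filter(Packet("10.0.0.51", "tcp", 40000, 80)))   # neighbor's address
    results.append(port.filter(Packet("0.0.0.0", "tcp", 40000, 80)))     # non-DHCP from 0.0.0.0
    return results

if __name__ == "__main__":
    print(walk_through())
```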
