Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
225
Views
0
Helpful
1
Replies

IP source guard question

jackson.ku
Level 3
Level 3

‎07-20-2006 05:44 PM - edited ‎03-03-2019 04:09 AM

Hi,

How many static IP source-guard entries the Catalyst 3750 support? ( we have more than 300PCs )

Best Regards,

Jackson Ku

Labels:
0 Helpful
1 Reply 1

Roberto Salazar
Level 8
Level 8

‎07-20-2006 07:59 PM

IP source guard is a security feature that restricts IP traffic on nonrouted, Layer 2 interfaces by filtering traffic based on the DHCP snooping binding database and on manually configured IP source bindings. You can use IP source guard to prevent traffic attacks caused when a host tries to use the IP address of its neighbor.

You can enable IP source guard when DHCP snooping is enabled on an untrusted interface. After IP source guard is enabled on an interface, the switch blocks all IP traffic received on the interface, except for DHCP packets allowed by DHCP snooping. A port access control list (ACL) is applied to the interface. The port ACL allows only IP traffic with a source IP address in the IP source binding table and denies all other traffic.

The IP source binding table has bindings that are learned by DHCP snooping or are manually configured (static IP source bindings). An entry in this table has an IP address, its associated MAC address, and its associated VLAN number. The switch uses the IP source binding table only when IP source guard is enabled.

With that explanation it is easier to let DHCP Snooping do the dynamic bindings for you. Less admin nightmare.

Please rate helpful posts.

0 Helpful
Customers Also Viewed These Support Documents