HP 6125G HP 6125G & 6125G/XG Blade Switches Security Configuration Gui - Page 236
Configuration task list, Configuring the IPv4 source guard function
View all HP 6125G manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 236 highlights
and obtain IP addresses through DHCP. Once DHCP allocates an IP address to a client, IP source guard automatically adds the client entry to allow the client to access the network. A user using an IP address not obtained through DHCP cannot access the network. Dynamic IPv4 source guard entries are generated dynamically based on DHCP snooping or DHCP relay entries to filter incoming IPv4 packets on a port. For information about DHCP snooping, DHCP relay, see Layer 3-IP Services Configuration Guide. Configuration task list Complete the following tasks to configure IPv4 source guard: Task Configuring IPv4 source guard on a port Configuring a static IPv4 source guard entry Setting the maximum number of IPv4 source guard entries Remarks Required Optional Optional Configuring the IPv4 source guard function You cannot enable IPv4 source guard on a link aggregation member port or a service loopback group. If IPv4 source guard is enabled on a port, you cannot assign the port to a link aggregation group or a service loopback group. Configuring IPv4 source guard on a port The IPv4 source guard function must be configured on a port before the port can obtain dynamic IPv4 source guard entries and use static and dynamic IPv4 source guard entries to filter packets. • For how to configure a static binding entry, see "Configuring a static IPv4 source guard entry." • On a Layer 2 Ethernet port, IP source guard cooperates with DHCP snooping, dynamically obtains the DHCP snooping entries generated during dynamic IP address allocation, and generates IP source guard entries accordingly. • On a VLAN interface, IP source guard cooperates with DHCP relay, dynamically obtains the DHCP relay entries generated during dynamic IP address allocation across network segments, and generates IP source guard entries accordingly. Dynamic IPv4 source guard entries can contain such information as the MAC address, IP address, VLAN tag, ingress port information, and entry type (DHCP snooping or DHCP relay), where the MAC address, IP address, or VLAN tag information may not be included depending on your configuration. IP source guard applies these entries to the port to filter packets. To generate IPv4 binding entries dynamically based on DHCP entries, make sure that DHCP snooping or DHCP relay is configured and working normally. For information about DHCP snooping configuration and DHCP relay configuration, see Layer 3-IP Services Configuration Guide. If you repeatedly configure the IPv4 source guard function on a port, only the last configuration takes effect. To configure the IPv4 source guard function on a port: 226