EasyManuals Logo
Home>Cisco>Switch>SG550XG-8F8T

Cisco SG550XG-8F8T User Manual

Cisco SG550XG-8F8T
725 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #475 background imageLoading...
Page #475 background image
Security
IP Source Guard
319 Cisco Sx350, SG350X, SG350XG, Sx550X & SG550XG Series Managed Switches, Firmware Release 2.2.5.x
16
• DHCP Snooping must be globally enabled in order to enable IP Source Guard on an
interface.
• IP source guard can be active on an interface only if:
- DHCP Snooping is enabled on at least one of the port's VLANs
- The interface is DHCP untrusted. All packets on trusted ports are forwarded.
• If a port is DHCP trusted, filtering of static IP addresses can be configured, even
though IP Source Guard is not active in that condition by enabling IP Source Guard on
the port.
• When the ports status changes from DHCP untrusted to DHCP trusted, the static IP
address filtering entries remain in the Binding database, but they become inactive.
• Port security cannot be enabled if source IP and MAC address filtering is configured
on a port.
• IP Source Guard uses TCAM resources and requires a single TCAM rule per IP Source
Guard address entry. If the number of IP Source Guard entries exceeds the number of
available TCAM rules, the extra addresses are inactive.
Filtering
If IP Source Guard is enabled on a port then:
• DHCP packets allowed by DHCP Snooping are permitted.
• If source IP address filtering is enabled:
- IPv4 traffic: Only traffic with a source IP address that is associated with the port is
permitted.
- Non IPv4 traffic: Permitted (Including ARP packets).
IP Source Guard Work Flow
To configure IP Source Guard:
STEP 1 Enable (DHCP Snooping) Properties page.
STEP 2 Define the VLANs on which DHCP Snooping is enabled in the (DHCP Snooping) Interface
Settings page.
STEP 3 Configure interfaces as trusted or untrusted in the (DHCP Snooping) Interface Settings page.

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco SG550XG-8F8T and is the answer not in the manual?

Cisco SG550XG-8F8T Specifications

General IconGeneral
BrandCisco
ModelSG550XG-8F8T
CategorySwitch
LanguageEnglish

Related product manuals