EasyManuals Logo

Dell PowerConnect 8024 User Manual

Dell PowerConnect 8024
1294 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #757 background imageLoading...
Page #757 background image
Snooping and Inspecting Traffic 757
What Is IP Source Guard?
IPSG is a security feature that filters IP packets based on source ID. This
feature helps protect the network from attacks that use IP address spoofing to
compromise or overwhelm the network.
The source ID may be either the source IP address or a {source IP address,
source MAC address} pair. You can configure:
Whether enforcement includes the source MAC address
Static authorized source IDs
The DHCP snooping bindings database and static IPSG entries identify
authorized source IDs. IPSG can be enabled on physical and LAG ports.
If you enable IPSG on a port where DHCP snooping is disabled or where
DHCP snooping is enabled but the port is trusted, all IP traffic received on
that port is dropped depending on the admin-configured IPSG entries.
IPSG and Port Security
IPSG interacts with port security, also known as port MAC locking, (see "Port
Security (Port-MAC Locking)" on page 507) to enforce the source MAC
address. Port security controls source MAC address learning in the layer 2
forwarding database (MAC address table). When a frame is received with a
previously unlearned source MAC address, port security queries the IPSG
feature to determine whether the MAC address belongs to a valid binding.
If IPSG is disabled on the ingress port, IPSG replies that the MAC is valid. If
IPSG is enabled on the ingress port, IPSG checks the bindings database. If
the MAC address is in the bindings database and the binding matches the
VLAN the frame was received on, IPSG replies that the MAC is valid. If the
MAC is not in the bindings database, IPSG informs port security that the
frame is a security violation.
In the case of an IPSG violation, port security takes whatever action it
normally takes upon receipt of an unauthorized frame. Port security limits the
number of MAC addresses to a configured maximum. If the limit
n
is less
than the number of stations
m
in the bindings database, port security allows
only
n
stations to use the port. If
n > m
, port security allows only the stations
in the bindings database. For information about configuring the Port Security
feature, see "Configuring Port and System Security" on page 469.

Table of Contents

Other manuals for Dell PowerConnect 8024

Preview: User Guide
User Guide778 pages
Preview: Cli Reference Guide
Cli Reference Guide1132 pages
Preview: Configuration Guide
Configuration Guide21 pages
Preview: Upgrading Firmware
Upgrading Firmware24 pages
Preview: Getting Started Guide
Getting Started Guide226 pages
Preview: Release Notes
Release Notes20 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Dell PowerConnect 8024 and is the answer not in the manual?

Dell PowerConnect 8024 Specifications

General IconGeneral
Switching Capacity480 Gbps
StackableYes
Device TypeSwitch
Enclosure TypeRack-mountable
Power RedundancyOptional
Width17.3 in
Height1.7 in
Jumbo Frame SupportYes
Ports24 x 10 Gigabit SFP+
ManagementWeb-based GUI, Command Line Interface (CLI), SNMP
VLAN SupportYes
Power SupplyInternal
Routing ProtocolStatic routing
FeaturesQuality of Service (QoS), VLAN support
Compliant StandardsIEEE 802.3, IEEE 802.3u, IEEE 802.3ab, IEEE 802.3z
Operating Temperature0 to 45 °C
Storage Temperature-20 to 70 °C
Relative Humidity10% to 90% (non-condensing)
MAC Address Table Size32, 000 entries

Related product manuals