IP source guard is another means to restrict IP traffic and take configured actions against violating users. IP traffic on a port is inspected to ensure that a user's MAC and IP addresses are found in the binding table created by DHCP snooping. Changes to a user's IP address are counted and action is taken, as configured.
Like DAI, the anti-spoofing feature can be configured so that IP source guard is also able to add entries to the MAC-to-IP binding database dynamically, based upon IP traffic traversing the switch. This is particularly beneficial in an environment not limited to edge devices or one in which DHCP is not the sole proprietor of network IP addresses.