Enable IP Source Guard on a Port for IPv4 Addresses
Before you begin
Ensure that the following conditions are all satisfied before you enable IPSG on a port. Otherwise, the system displays error messages.
-
DHCP Snooping is enabled globally.
-
The port on which you want to enable IPSG is a member of a VLAN that is configured with both DHCP Snooping and Dynamic ARP Inspection.
-
The port is an untrusted port enabled with both DHCP Snooping and Dynamic ARP Inspection.
-
The port has enough resources allocated to support the maximum number of 10 IP addresses allowed for IPSG.
About this task
Enable IP Source Guard (IPSG) to add a higher level of security to a desired port by preventing IP spoofing. When you enable IPSG on the interface, filters are installed for IPv4 addresses that are already learned on that interface.
Procedure
- In the navigation pane, expand .
- Select Source Guard.
- Select the IP Source Guard-port tab.
- In the row for the applicable port, edit Mode to select ip.
- Select Apply to save your changes.
- Select Refresh to update the IP Source Guard-port tab.
IP Source Guard-port Field Descriptions
Use the data in the following table to use the IP Source Guard-port tab.
Name |
Description |
---|---|
Port |
Identifies the port on which to enable IPSG. |
Mode |
Displays whether IPSG is enabled on the port. The default is disabled. |
Origin |
Specifies the origin of Source Guard configuration on the port. The supported values are:
|