Enable IP Source Guard on a Port for IPv4 Addresses

Before you begin

Ensure that the following conditions are all satisfied before you enable IPSG on a port. Otherwise, the system displays error messages.

  • DHCP Snooping is enabled globally.

  • The port on which you want to enable IPSG is a member of a VLAN that is configured with both DHCP Snooping and Dynamic ARP Inspection.

  • The port is an untrusted port enabled with both DHCP Snooping and Dynamic ARP Inspection.

  • The port has enough resources allocated to support the maximum number of 10 IP addresses allowed for IPSG.

About this task

Enable IP Source Guard (IPSG) to add a higher level of security to a desired port by preventing IP spoofing. When you enable IPSG on the interface, filters are installed for IPv4 addresses that are already learned on that interface.

Procedure

  1. In the navigation pane, expand Configuration > IP.
  2. Select Source Guard.
  3. Select the IP Source Guard-port tab.
  4. In the row for the applicable port, edit Mode to select ip.
  5. Select Apply to save your changes.
  6. Select Refresh to update the IP Source Guard-port tab.

IP Source Guard-port Field Descriptions

Use the data in the following table to use the IP Source Guard-port tab.

Name

Description

Port

Identifies the port on which to enable IPSG.

Mode

Displays whether IPSG is enabled on the port.

The default is disabled.

Origin

Specifies the origin of Source Guard configuration on the port. The supported values are:

  • config - Set by the user.

  • radius - Set by the Remote Authentication Dial-In User Service (RADIUS) attribute.
9039040-00 Rev AB