Enable IP Source Guard on a Port for IPv4 Addresses
About this task
Enable IP Source Guard (IPSG) to add a higher level of security to a desired port by preventing IP spoofing. When you enable IPSG on the interface, filters are installed for IPv4 addresses that are already learned on that interface.
Before you begin
Ensure that the following conditions are all satisfied, before you enable IPSG on a port. Otherwise, the system displays error messages.
-
DHCP Snooping is enabled globally.
-
The port on which you want to enable IPSG is a member of a VLAN that is configured with both DHCP Snooping and Dynamic ARP Inspection.
-
The port is an untrusted port enabled with both DHCP Snooping and Dynamic ARP Inspection.
-
The port has enough resources allocated to support the maximum number of 10 IP addresses allowed for IPSG.
Procedure
- In the navigation pane, expand .
- Click Source Guard.
- Click the IP Source Guard-port tab.
- Double-click the Mode field
- Select ip from the list, to enable IPSG.
- Repeat the steps above to configure IPSG on additional ports.
- Click Apply to save your changes.
- Click Refresh to update the IP Source Guard-port tab.
IP Source Guard-port field descriptions
Use the data in the following table to use the IP Source Guard-port tab.
Name |
Description |
---|---|
Port |
Identifies the port on which to enable IPSG. |
Mode |
Displays whether IPSG is enabled on the port. The default is disabled. |
Origin |
Specifies the origin of Source Guard configuration on the port. The supported values are:
|