Use the following procedure to configure IP Source Guard to enable or disable a higher level of security on a port or ports.
The IP addresses are obtained from DHCP snooping binding table entries defined automatically in the port. A maximum 10 IP addresses from the binding table are allowed and the rest are dropped.
Before you can configure IP Source Guard, you must ensure the following:
Dynamic Host Control Protocol (DHCP) snooping is globally enabled.
For more information about, see Configuring DHCP snooping globally using EDM.
The port is a member of a Virtual LAN (VLAN) configured with DHCP snooping and dynamic Address Resolution Protocol (ARP) Inspection.
The port is an untrusted DHCP snooping and dynamic ARP Inspection port.
A minimum of 10 rules are available on the port.
The bsSourceGuardConfigMode MIB object exists.
This MIB object is used to control the IP Source Guard mode on an interface.
The following applications are not enabled:
IP Fix
Extensible Authentication Protocol over LAN (EAPoL)
From the navigation tree, double-click Security.
In the Security tree, double-click IP Source Guard (IPSG).
In the work area, click the IP Source Guard -port tab.
In the table, double-click the cell under the column heading Mode for a port.
Select a value (enabled or disabled) to enable or disable IP Source Guard.
In the toolbar, click Apply.
In the toolbar, click Refresh to update the IP Source Guard-port dialog box display.