Filtering IP Source Guard addresses using EDM

Use the following procedure to filter IP Source Guard addresses to display IP Source Guard information for specific IP addresses.

ImportantImportant

Hardware resources can run out if IP Source Guard is enabled on trunk ports with a large number of VLANs, which have DHCP snooping enabled. If this happens, traffic sending can be interrupted for some clients. Avaya recommends that IP Source Guard not be enabled on trunk ports.

ImportantImportant

The IP addresses are obtained from DHCP snooping binding table entries defined automatically in the port. A maximum 10 IP addresses from the binding table are allowed and the rest are dropped.

Prerequisites

Before you can configure IP Source Guard, you must ensure the following:

  • Dynamic Host Control Protocol (DHCP) snooping is globally enabled.

    For more information about, see Configuring DHCP snooping globally using EDM.

  • The port is a member of a Virtual LAN (VLAN) configured with DHCP snooping and dynamic Address Resolution Protocol (ARP) Inspection.

  • The port is an untrusted DHCP snooping and dynamic ARP Inspection port.

  • A minimum of 10 rules are available on the port.

  • The bsSourceGuardConfigMode MIB object exists.

    This MIB object is used to control the IP Source Guard mode on an interface.

  • The following applications are not enabled:

    • IP Fix

    • Extensible Authentication Protocol over LAN (EAPoL)

Procedure steps

  1. From the navigation tree, double-click Security.

  2. In the Security tree, double-click IP Source Guard (IPSG).

  3. In the work area, click the IP Source Guard-addresses tab.

  4. In the table, select a record.

  5. In the toolbar, click Filter.

    The IP Source Guard-addresses - Filter tab appears.

  6. Configure the parameters as required.

  7. Click Filter.

Variable definitions

Use the data in the following table to filter IP Source Guard addresses.

Variable Value
Condition
Indicates the type of search condition used. Possible values are
  • AND: Includes keywords specified in both the Port and Address fields while filtering results.

  • OR: Includes either one of the keywords specified in the Port and Address fields while filtering results.

Ignore Case Ignores the letter case while searching.
Column
Searches the columns based on the content of column search specified. Possible values are
  • Contains

  • Does not contain

  • Equals to

  • Does not equal to

All records Displays all entries in the table.
Port Searches for the specified port.
Address Searches for the specified IP address.

Use the data in the following table to display IP Source Guard information for filtered addresses.

Variable Value
Port Indicates the port number.
Type Indicates the internet address type.
Address Indicates the IP address allowed by IP Source Guard.
Source Indicates the source of the address.