Configuring IP Source Guard on a port using EDM

Use the following procedure to configure IP Source Guard to enable or disable a higher level of security on a port or ports.

ImportantImportant

The IP addresses are obtained from DHCP snooping binding table entries defined automatically in the port. A maximum 10 IP addresses from the binding table are allowed and the rest are dropped.

Prerequisites

Before you can configure IP Source Guard, you must ensure the following:

  • Dynamic Host Control Protocol (DHCP) snooping is globally enabled.

    For more information about, see Configuring DHCP snooping globally using EDM.

  • The port is a member of a Virtual LAN (VLAN) configured with DHCP snooping and dynamic Address Resolution Protocol (ARP) Inspection.

  • The port is an untrusted DHCP snooping and dynamic ARP Inspection port.

  • A minimum of 10 rules are available on the port.

  • The bsSourceGuardConfigMode MIB object exists.

    This MIB object is used to control the IP Source Guard mode on an interface.

  • The following applications are not enabled:

    • IP Fix

    • Extensible Authentication Protocol over LAN (EAPoL)

Procedure steps

  1. From the navigation tree, double-click Security.

  2. In the Security tree, double-click IP Source Guard (IPSG).

  3. In the work area, click the IP Source Guard -port tab.

  4. In the table, double-click the cell under the column heading Mode for a port.

  5. Select a value (enabled or disabled) to enable or disable IP Source Guard.

  6. In the toolbar, click Apply.

  7. In the toolbar, click Refresh to update the IP Source Guard-port dialog box display.

Variable definitions

Use the data in the following table to enable IP Source Guard on a port.

Variable Value
Port Identifies the port number.
Mode Identifies the Source Guard mode for the port. The mode can be disabled or ip. The default mode is disabled.