This section describes how to configure IP Source Guard to add a higher level of security to a port or ports by preventing IP spoofing.
Avaya recommends that you carefully manage the number of applications running on the Ethernet Routing Switch 8300 that use filters. For example, if you configure NSNA on ports and attempt to configure IP Source Guard on those same ports, the IP Source Guard configuration can fail due to the limited number of filters available.
Before you can configure IP Source Guard, you must ensure the following:
Dynamic Host Control Protocol (DHCP) snooping is globally enabled.
For more information about, see Configuring DHCP snooping globally using EDM.
The port is a member of a Virtual LAN (VLAN) configured with DHCP snooping and dynamic Address Resolution Protocol (ARP) Inspection.
The port is an untrusted DHCP snooping and dynamic ARP Inspection port.
A minimum of 10 rules are available on the port.
The bsSourceGuardConfigMode MIB object exists.
This MIB object is used to control the IP Source Guard mode on an interface.
The following applications are not enabled: