Chapter 25 IP Source Guard
GS2200-24 User’s Guide
222
• Use the ARP Inspection Status screen (Section 25.6 on page 233) to look at the current list of MAC address filters that were created because the Switch identified an unauthorized ARP packet.
• Use the ARP Inspection VLAN Status screen (Section 25.7 on page 234) to look at various statistics about ARP packets in each VLAN.
• Use the ARP Inspection Log Status screen (Section 25.8 on page 235) to look at log messages that were generated by ARP packets and that have not been sent to the syslog server yet.
• Use the ARP Inspection Configure screen (Section 25.9 on page 236) to enable ARP inspection on the Switch. You can also configure the length of time the Switch stores records of discarded ARP packets and global settings for the ARP inspection log.
• Use the ARP Inspection Port Configure screen (Section 25.9.1 on page 238) to specify whether ports are trusted or untrusted ports for ARP inspection.
• Use the ARP Inspection VLAN Configure screen (Section 25.9.2 on page 240) to enable ARP inspection on each VLAN and to specify when the Switch generates log messages for receiving ARP packets from each VLAN.
25.1.2 What You Need to Know
The Switch builds the binding table by snooping DHCP packets (dynamic bindings)
and from information provided manually by administrators (static bindings).
IP source guard consists of the following features:
• Static bindings. Use this to create static bindings in the binding table.
• DHCP snooping. Use this to filter unauthorized DHCP packets on the network and to build the binding table dynamically.
• ARP inspection. Use this to filter unauthorized ARP packets on the network.
If you want to use dynamic bindings to filter unauthorized ARP packets (typical
implementation), you have to enable DHCP snooping before you enable ARP
inspection.
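Added example (not from the User's Guide and not the Switch's firmware logic): a small Python model of why DHCP snooping has to be enabled before ARP inspection when dynamic bindings are used. Assumptions: a binding is modelled as MAC, VLAN, IP and port; ARP from trusted ports is forwarded unchecked; all class names, addresses and ports are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:  # assumed fields; this page does not list a binding's attributes
    mac: str
    vlan: int
    ip: str
    port: int
    source: str  # "static" or "dhcp-snooping"

class SourceGuardModel:
    """Toy model of the binding table and ARP inspection, not Switch firmware."""
    def __init__(self, trusted_ports=()):
        self.trusted_ports = set(trusted_ports)
        self.dhcp_snooping = False
        self.bindings = {}   # (mac, vlan) -> Binding
        self.discarded = []  # records of discarded ARP packets

    def add_static(self, mac, vlan, ip, port):
        self.bindings[(mac, vlan)] = Binding(mac, vlan, ip, port, "static")

    def snoop_dhcp_ack(self, mac, vlan, ip, port):
        # Dynamic bindings are learned only while DHCP snooping is enabled.
        if self.dhcp_snooping:
            self.bindings.setdefault((mac, vlan), Binding(mac, vlan, ip, port, "dhcp-snooping"))
        return self.dhcp_snooping

    def inspect_arp(self, port, vlan, sender_mac, sender_ip):
        if port in self.trusted_ports:
            return "forward"  # assumption: trusted ports are not checked
        b = self.bindings.get((sender_mac, vlan))
        if b and (b.ip, b.port) == (sender_ip, port):
            return "forward"
        self.discarded.append((port, vlan, sender_mac, sender_ip))
        return "discard"

def demo():
    sw = SourceGuardModel(trusted_ports={1})  # constructed sample data throughout
    sw.add_static("00:11:22:33:44:55", 10, "192.0.2.10", 2)
    pc = ("00:aa:bb:cc:dd:01", 10, "192.0.2.50", 3)  # DHCP client: mac, vlan, ip, port
    out = []
    sw.snoop_dhcp_ack(*pc)                  # snooping still off: nothing learned
    out.append(sw.inspect_arp(3, 10, pc[0], pc[2]))          # legitimate host, no binding
    sw.dhcp_snooping = True
    sw.snoop_dhcp_ack(*pc)                  # lease is now recorded
    out.append(sw.inspect_arp(3, 10, pc[0], pc[2]))          # matches dynamic binding
    out.append(sw.inspect_arp(3, 10, pc[0], "192.0.2.1"))    # IP differs from binding
    out.append(sw.inspect_arp(2, 10, "00:11:22:33:44:55", "192.0.2.10"))  # static binding
    out.append(sw.inspect_arp(1, 10, "00:aa:bb:cc:dd:99", "192.0.2.1"))   # trusted port
    return out, sw.discarded
```

The first result in demo() is the failure mode to watch for: with ARP inspection active and no dynamic bindings yet, a legitimate DHCP client on an untrusted port is discarded until its lease has been snooped or a static binding is added.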
25.2 IP Source Guard
Use this screen to look at the current bindings for DHCP snooping and ARP
inspection. Bindings are used by DHCP snooping and ARP inspection to distinguish
between authorized and unauthorized packets in the network. The Switch learns
the bindings by snooping DHCP packets (dynamic bindings) and from information