What is IP Source Guard?
The primary purpose of IP Source Guard is to restrict the port access to a number of authorized LAN clients, whose MAC address and IP address are both listed in IP source guard table. If an unauthorized LAN client connects to a port which has IP Source Guard enabled, VigorSwitch will drop the packets from it.
1. To enable IP Source Guard, please go to Security >> IP Source Guard >> General Setup, change Mode to “Enabled” on the top of the page, as well as the port you would like it to be guarded, here we use port 3 for example.
2. If the authorized LAN client has a static IP, Go to Security >> IP Source Guard >> Static IP Source Guard Table, click “Add new entry” and enter the client's IP address and MAC address,and the port and VLAN the client is connecting.
3. If the LAN client will obtain an IP from a DHCP server, we may enable DHCP Snooping so that IP Source Guard can learn dynamic entry by snooping DHCP handshake. To do this, go to DHCP Snooping >> Configuration, change Snooping Mode to “Enabled”, and change the port which is connecting to the DHCP server to “Trusted” mode.
4. When a LAN client obtains an IP address by DHCP, there will be a new entry in IP Source Guard>> Dynamic IP Source Guard Table.
5. Now, only the specified device with the specified IP address is able to access the network fromport 3. If the client changes the IP address manually, it will be blocked and get request timed out when trying to ping the network.