Dynamic IPSG bindings
Dynamic IPSG is supported only on the following ports:
Layer 2 Ethernet ports on the following modules:
HMIM-8GSW.
HMIM-8GSWF.
HMIM-24GSW.
HMIM-24GSWP.
Fixed Layer 2 Ethernet ports on MSR2004-24 and MSR2004-48 routers.
IPSG automatically obtains user information from other modules to generate dynamic bindings. The source modules include 802.1X, DHCP snooping, DHCPv6 snooping, and WLAN snooping.
For example, DHCP-based IPSG bindings are suitable for scenarios where hosts on a LAN obtain IP addresses through DHCP. IPSG is configured on the DHCP snooping device. It generates dynamic bindings based on the DHCP snooping entries. IPSG allows only packets from the DHCP clients to pass through.
Dynamic IPv4SG
Dynamic bindings generated based on different source modules are for different usages:
Interface types | Source modules | Binding usage |
---|---|---|
Layer 2 Ethernet port | DHCP snooping | Packet filtering. |
802.1X | For cooperation with modules (such as the ARP attack detection module) to provide security services. |
For more information about 802.1X, see "Configuring 802.1X." For information about DHCP snooping, see Layer 3—IP Services Configuration Guide.
In a WLAN network, IPSG can generate bindings based on WLAN snooping for modules (such as the ARP attack detection module) to provide security services.
Dynamic IPv6SG
On a Layer 2 Ethernet port, IPv6SG can generate dynamic IPv6SG bindings based on DHCPv6 snooping for packet filtering.
For more information about DHCPv6 snooping, see Layer 3—IP Services Configuration Guide.
In a WLAN network, IPv6SG can generate bindings based on WLAN snooping for modules to provide security services.