Dynamic IPSG bindings
IPSG automatically obtains user information from other modules to generate dynamic bindings. The source modules include ARP snooping, 802.1X, DHCP relay agent, DHCPv6 relay agent, DHCP snooping, DHCPv6 snooping, DHCP server, and ND snooping.
For example, DHCP-based IPSG bindings are suitable for scenarios where hosts on a LAN obtain IP addresses through DHCP. IPSG is configured on the DHCP server, the DHCP snooping device, or the DHCP relay agent. It generates dynamic bindings based on the client bindings on the DHCP server, the DHCP snooping entries, or the DHCP relay entries. IPSG allows only packets from the DHCP clients to pass through.
Dynamic IPv4SG
Dynamic bindings generated based on different source modules are for different usages:
Interface types | Source modules | Binding usage |
|---|---|---|
Layer 2 Ethernet port/Layer 2 aggregate interface | DHCP snooping | Packet filtering. |
802.1X | For cooperation with modules to provide security services. | |
ARP snooping | Packet filtering. | |
Layer 3 Ethernet interface/VLAN interface | DHCP relay agent | Packet filtering. |
DHCP server | For cooperation with modules (such as the authorized ARP module) to provide security services. |
For more information about 802.1X, see "Configuring 802.1X." For information about ARP snooping, DHCP snooping, DHCP relay, and DHCP server, see Layer 3—IP Services Configuration Guide.
Dynamic IPv6SG
Dynamic IPv6SG bindings generated based on the following source modules are for packet filtering:
Interface types | Source modules |
|---|---|
Layer 2 Ethernet port | DHCPv6 snooping |
ND snooping | |
Layer 3 Ethernet interface/VLAN interface | DHCPv6 relay agent |
For more information about DHCPv6 snooping, ND snooping, and DHCPv6 relay agent, see Layer 3—IP Services Configuration Guide.