IP source guard
IP source guard (IPSG) is a set of Layer 2 security mechanisms that
- prevent the controller from forwarding packets with source IP addresses unknown to the wireless controller,
- require explicit configuration per WLAN and are not enabled by default, and
- maintain an IP/MAC binding table to track and authorize valid wireless clients.
IPSG supports both IPv4 and IPv6 wireless clients. The IPSG feature prevents the wireless controller from forwarding packets with unknown source IP addresses. This security feature is disabled by default. You must configure it explicitly for each WLAN. When you enable this feature, all wireless clients on the WLAN inherit the security setting.
Using the IP/MAC binding table, the wireless controller keeps track of IP and MAC address binding information for all wireless clients. The wireless controller collects binding information as part of the IP learning process. When this feature is enabled on a WLAN, the wireless controller forwards incoming packets from wireless clients only if a matching binding table entry exists for the source IP and MAC address combination. If the entry does not exist, the controller drops the packets.
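The forwarding decision described above can be modeled in a few lines. This is an added conceptual example, not the controller's implementation or any vendor code; the class and function names, WLAN names, and addresses are hypothetical and constructed for illustration.

```python
import ipaddress

def norm_mac(mac):
    """Canonicalise a MAC (colon, dash or dotted form) to 12 lowercase hex digits."""
    digits = mac.lower().translate(str.maketrans("", "", ":-."))
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return digits

class SourceGuardModel:
    """Hypothetical model of the forwarding decision; not the controller's code."""

    def __init__(self):
        self.bindings = set()      # (ip, mac) pairs collected during IP learning
        self.ipsg_wlans = set()    # WLANs with IPSG explicitly enabled

    def learn(self, ip, mac):
        # ip_address() parses IPv4 and IPv6 and compares by value, so
        # "2001:db8::21" and "2001:0db8:0:0:0:0:0:21" are the same key.
        self.bindings.add((ipaddress.ip_address(ip), norm_mac(mac)))

    def forward(self, wlan, src_ip, src_mac):
        if wlan not in self.ipsg_wlans:
            return True            # disabled by default: no source check
        try:
            key = (ipaddress.ip_address(src_ip), norm_mac(src_mac))
        except ValueError:
            return False           # unparseable source can never match a binding
        return key in self.bindings

def demo():
    guard = SourceGuardModel()
    guard.ipsg_wlans.add("corp")                    # constructed WLAN names
    guard.learn("10.0.0.21", "aa:bb:cc:dd:ee:01")   # constructed client
    guard.learn("2001:db8::21", "aa:bb:cc:dd:ee:01")
    packets = [                                     # constructed sample traffic
        ("corp", "10.0.0.21", "AA-BB-CC-DD-EE-01"),              # valid binding
        ("corp", "10.0.0.99", "aa:bb:cc:dd:ee:01"),              # unknown source IP
        ("corp", "10.0.0.21", "aa:bb:cc:dd:ee:02"),              # IP bound to other MAC
        ("corp", "2001:0db8:0:0:0:0:0:21", "aabb.ccdd.ee01"),    # IPv6, long form
        ("guest", "10.0.0.99", "aa:bb:cc:dd:ee:02"),             # IPSG not enabled
    ]
    return [guard.forward(*p) for p in packets]

if __name__ == "__main__":
    for verdict in demo():
        print("forward" if verdict else "drop")
```

The match is on the IP and MAC pair together, so a known MAC with an unlearned IP is dropped just like a known IP presented from a different MAC.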
Configure IP source guard (GUI)
Before you begin
Ensure you have administrative access to the GUI. Confirm that the WLAN exists and is configured.
Procedure
Step 1: Choose .
Step 2: Click on the WLAN.
Step 3: In the Advanced tab, check the IP Source Guard checkbox.
Step 4: Click Update & Apply to Device.
Configure IP source guard (CLI)
Enabling IP source guard increases network security by ensuring that only valid IP sources are allowed on the WLAN.
Before you begin
Ensure you have administrator access to the device CLI. Have the WLAN name and ID information available.
Procedure
Step 1: Specify the WLAN name and ID to use. Example:
Step 2: Disable the WLAN. Example:
Step 3: Enable the IP source guard feature. Example:
Step 4: Enable the WLAN. Example: