IPSG on an AR

IP Source Guard (IPSG) defends against spoofing attacks based on source IP addresses.
Some attacks on networks aim at source IP addresses by accessing and using network resources through spoofing IP addresses, stealing users' information or blocking authorized users from accessing networks. IPSG provides a mechanism to effectively defend against IP address spoofing attacks.
IPSG uses binding tables (static or DHCP dynamic binding tables) to filter IP packets. Before the router forwards an IP packet, it compares the source IP address, source MAC address, interface, and VLAN information in the IP packet with entries in the binding table. If a matching entry is found, the router considers the IP packet as a valid packet and forwards it. Otherwise, the router considers the IP packet as an attack packet and discards it.

Scroll to top