With IPSG enabled, how will an S series switch process IP packets that do not match the binding table?

With IPSG enabled, an S series switch (except the S1700) checks IP packets against a DHCP snooping dynamic binding table or static binding table. Before the switch forwards an IP packet, it compares the source IP address, source MAC address, interface, or VLAN information in the IP packet with entries in the binding table. If a matching entry is found, the switch considers the IP packet as a valid packet and forwards it. Otherwise, the switch considers the IP packet as an attack packet and discards it.
Whether an IP packet sent from a terminal connected to a port matches a binding entry or not has no effect on the status of the port (for example, the port will not change from the up state to the shutdown or error-disable state).

Scroll to top