Anti-spoofing filters prevent malicious subscribers from sending IP packets with a forged IP or MAC address and thereby misdirecting traffic. The anti-spoofing filter is populated from the DHCP lease state table, and DHCP snooping must be enabled on the SAP.
There are three types of filters (MAC, IP, and IP+MAC). One type is allowed per SAP.
The following example displays an IES service interface configuration with anti-spoofing enabled.
A:ALA-48>config>service>ies# info
----------------------------------------------
            interface "test123" create
                address 10.10.42.41/24
                local-proxy-arp
                proxy-arp
                    policy-statement "ProxyARP"
                exit
                sap 1/1/7:0 create
                    anti-spoof ip
                exit
                arp-populate
                dhcp
                    lease-populate 1
                    no shutdown
                exit
            exit
            no shutdown
----------------------------------------------
A:ALA-48>config>service>ies#
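
The three filter types described above, as an added Python model (not Nokia code or router output): it derives a per-SAP filter from a lease table and shows which source addresses each type admits. The lease entries, packets, SAP 1/1/8:0 and all function names are constructed for illustration, and the sample goes beyond the configuration shown by assuming two leases on one SAP.

```python
# Simplified model of per-SAP anti-spoofing filters (assumption, not vendor code).
from dataclasses import dataclass

MODES = ("ip", "mac", "ip+mac")  # the three filter types named in the text

@dataclass(frozen=True)
class Lease:
    sap: str
    ip: str
    mac: str

def build_filter(leases, sap, mode):
    """Derive the allowed source set for one SAP from the lease state table."""
    if mode not in MODES:
        raise ValueError(f"unknown anti-spoof type: {mode}")
    entries = [l for l in leases if l.sap == sap]
    if mode == "ip":
        return {l.ip for l in entries}
    if mode == "mac":
        return {l.mac.lower() for l in entries}
    return {(l.ip, l.mac.lower()) for l in entries}

def permits(allowed, mode, src_ip, src_mac):
    """True if a packet with this source IP/MAC passes the filter."""
    mac = src_mac.lower()
    key = {"ip": src_ip, "mac": mac, "ip+mac": (src_ip, mac)}[mode]
    return key in allowed

def evaluate(leases, sap, mode, packets):
    allowed = build_filter(leases, sap, mode)
    return [permits(allowed, mode, ip, mac) for ip, mac in packets]

# Constructed lease table: two hosts on the SAP under test, one on another SAP.
LEASES = [
    Lease("1/1/7:0", "10.10.42.50", "00:00:5E:00:53:01"),
    Lease("1/1/7:0", "10.10.42.51", "00:00:5E:00:53:02"),
    Lease("1/1/8:0", "10.10.42.60", "00:00:5E:00:53:03"),
]
# Constructed packets (source IP, source MAC) arriving on SAP 1/1/7:0.
PACKETS = [
    ("10.10.42.50", "00:00:5e:00:53:01"),  # matches a lease exactly
    ("10.10.42.50", "00:00:5e:00:53:02"),  # leased IP paired with another host's MAC
    ("10.10.42.60", "00:00:5e:00:53:03"),  # lease exists, but on a different SAP
    ("10.10.42.99", "00:00:5e:00:53:01"),  # unleased IP behind a leased MAC
]

if __name__ == "__main__":
    for mode in MODES:
        print(f"{mode:7}", evaluate(LEASES, "1/1/7:0", mode, PACKETS))
```

In this model only the IP+MAC type rejects the second packet, which is the case to consider when more than one lease can exist on a SAP.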