Hello,
i have 20x Juniper EX4200-48P and i have about ~400 devices connected to them, i want to use ip source guard to prevent ip spoofing in my network because most of my users is sending attacks to outside of my network.
i know ip source guard needs dhcp snooping but for some reasons i can not use dhcp servers in my network because i assigned ips to my users manually.
so:
1. if i want to use ip source guard i should use dhcp server and all of my users should get their ips from DHCP?
2. is there anyway use ip source guard without DHCP snooping and others table for check ips,arp,mac, ... ?
3. do you have any other suggestion for prevent ip spoofing?
in some of my switches i am using firewall access lists and apply them to the port switch which sending attacks towards internet and in this case i can save myself from ip spoofing but managing ip access lists for 400 servers is really hard. so i am looking for a better way.
Thank you.