Which three statements accurately describe IP source guard?

The primary function of IP source guard is to prevent IP address spoofing on Layer 2 access ports by ensuring that the source IP and MAC addresses of packets match a known and permitted combination. The accurate descriptions of IP source guard help in understanding how this feature operates to enhance network security.

The first statement correctly indicates that access ports are set to untrusted by default. This means that unless explicitly configured otherwise, these ports do not allow packets from any IP address that is not associated with the port's allowed list, thus safeguarding against potential spoofing attacks. This default behavior establishes a baseline level of security on access ports.

The second statement highlights that IP source guard does not operate on trunk interfaces, which is significant in understanding its scope. It reinforces the concept that IP source guard is primarily focused on access ports where end-user devices connect, rather than on the traffic flowing between switches via trunk links.

The third statement conveys that IP source guard can indeed be enabled not only on individual interfaces but also at the VLAN level, providing flexibility in security policies across different segments of a network. This implies that network administrators can implement granular controls based on the requirements of specific VLANs or ports.

The last statement accurately denotes that any packets with invalid source IP or MAC addresses are