The Arp Inspection Screen; Configuring Arp Inspection - ZyXEL Communications MES-2110 User Manual
Intelligent layer 2 switch
Hide thumbs
Also See for MES-2110:
- Manual (2 pages) ,
- User manual (184 pages) ,
- Support notes (53 pages)
Table of Contents
Advertisement
19.4 The ARP Inspection Screen
Use ARP inspection to filter unauthorized ARP frames on the network. This can
prevent many kinds of man-in-the-middle attacks, such as the one in the following
example.
Figure 68 Example: Man-in-the-middle Attack
A
In this example, computer B tries to establish a connection with computer A.
Computer X is in the same broadcast domain as computer A and intercepts the
ARP request for computer A. Then, computer X does the following things:
• It pretends to be computer A and responds to computer B.
• It pretends to be computer B and sends a message to computer A.
As a result, all the communication between computer A and computer B passes
through computer X. Computer X can read and alter the information passed
between them.
19.4.1 Configuring ARP Inspection
Follow these steps to configure ARP inspection on the MES-2110.
Configure DHCP snooping. See
1
Note: It is recommended you enable DHCP snooping at least one day before you
enable ARP inspection so that the MES-2110 has enough time to build the
binding table.
Enable ARP inspection on the MES-2110. See
2
details about turning on this feature.
MES-2110 User's Guide
X
Section 19.1.1.3 on page
Section 19.4 on page 147
Chapter 19 IP Source Guard
B
142.
for more
147
Advertisement
Table of Contents
