Table of Contents
Advertisement
Advanced Application > IP Source Guard > DHCP Snooping > Configure > VLAN (Information)
6
27.10.1.5 Configuring DHCP Snooping
Follow these steps to configure DHCP snooping on the OLT.
Enable DHCP snooping on the OLT.
1
Enable DHCP snooping on each VLAN, and configure DHCP relay option 82.
2
Configure trusted and untrusted ports, and specify the maximum number of DHCP packets that each
3
port can receive per second.
Configure static bindings.
4
27.10.2 ARP Inspection Overview
Use ARP inspection to filter unauthorized ARP packets on the network. This can prevent many kinds of
man-in-the-middle attacks, such as the one in the following example.
Figure 146 Example: Man-in-the-middle Attack
In this example, computer B tries to establish a connection with computer A. Computer X is in the same
broadcast domain as computer A and intercepts the ARP request for computer A. Then, computer X
does the following things:
• It pretends to be computer A and responds to computer B.
• It pretends to be computer B and sends a message to computer A.
As a result, all the communication between computer A and computer B passes through computer X.
Computer X can read and alter the information passed between them.
27.10.2.1 ARP Inspection
When the OLT identifies an unauthorized ARP packet, it will drop the unauthorized ARP packet.
27.10.2.2 Trusted vs. Untrusted Ports
Every port is either a trusted port or an untrusted port for ARP inspection. This setting is independent of
the trusted/untrusted setting for DHCP snooping. You can also specify the maximum rate at which the
OLT receives ARP packets on untrusted ports.
The OLT does not discard ARP packets on trusted ports for any reason.
Chapter 27 IP Source Guard
OLT2406 User's Guide
244
Advertisement
Table of Contents
Troubleshooting
