Arp Advanced Settings Summary - D-Link NetDefend DFL-210 User Manual

Network security firewall ver 2.26.01

3.4.6. ARP Advanced Settings Summary
Allowing this to take place may allow hijacking of local connections. However, not allowing this
may cause problems if, for example, a network adapter is replaced, as NetDefendOS will not accept
the new address until the previous ARP cache entry has timed out.
The advanced setting ARP Changes can be changed to modify this behavior. The default behavior is
that NetDefendOS will allow changes to take place, but all such changes will be logged.
Another, similar, situation occurs when information in ARP replies or ARP requests could collide
with static entries in the ARP cache. Naturally, this should never be allowed to happen. However,
changing the setting Static ARP Changes allows the administrator to specify whether or not such
situations are logged.
Sender IP 0.0.0.0
NetDefendOS can be configured for handling ARP queries that have a sender IP of 0.0.0.0. Such
sender IPs are never valid as responses, but network units that have not yet learned of their IP
address sometimes ask ARP questions with an "unspecified" sender IP. Normally, these ARP replies
are dropped and logged, but the behavior can be changed by modifying the setting ARP Query No
Sender.
Matching Ethernet Addresses
By default, NetDefendOS will require that the sender address at Ethernet level should comply with
the Ethernet address reported in the ARP data. If this is not the case, the reply will be dropped and
logged. The behavior can be changed by modifying the setting ARP Match Ethernet Sender.

3.4.6. ARP Advanced Settings Summary

The following advanced settings are available with ARP:
ARP Match Ethernet Sender
Determines if NetDefendOS will require the sender address at Ethernet level to comply with the
hardware address reported in the ARP data.
Default: DropLog
ARP Query No Sender
Handles ARP queries that have a sender IP of 0.0.0.0. Such sender IPs are never valid in responses,
but network units that have not yet learned of their IP address sometimes ask ARP questions with an
"unspecified" sender IP.
Default: DropLog
ARP Sender IP
Determines if the IP sender address must comply with the rules in the Access section.
Default: Validate
Unsolicited ARP Replies
Determines how NetDefendOS will handle ARP replies that it has not asked for. According to the
ARP specification, the recipient should accept these. However, because this can facilitate hijacking
of local connections, it is not normally allowed.
Chapter 3. Fundamentals
