Technical Reference; Arp Inspection Overview - ZyXEL Communications XS3800-28 User Manual
28-port 10gbe l3 managed switch
Hide thumbs
Also See for XS3800-28:
- User manual (789 pages) ,
- Cli reference manual (407 pages) ,
- Quick start manual (2 pages)
Table of Contents
Advertisement
Table 144 Advanced Application > IP Source Guard > IPv6 DHCP Trust Setup (continued)
L ABEL
*
Trusted State
Apply
Cancel
29.11 T e c hnic a l Re fe re nc e
This section provides technical background information on the topics discussed in this chapter.
29.11.1 ARP Inspe c tio n O ve rvie w
Use ARP inspection to filter unauthorized ARP packets on the network. This can prevent many kinds of
man-in-the-middle attacks, such as the one in the following example.
Fig ure 256
In this example, computer
broadcast domain as computer
does the following things:
• It pretends to be computer
• It pretends to be computer
Chapter 29 ARP Inspection
DESC RIPT IO N
Settings in this row apply to all ports.
Use this row only if you want to make some settings the same for all ports. Use this row first to set
the common settings and then make adjustments on a port-by-port basis.
Note: Changes in this row are copied to all the ports as soon as you make them.
Select whether this port is a trusted port (
Trusted ports are connected to DHCPv6 servers or other switches.
Untrusted ports are connected to subscribers, and the Switch discards DHCPv6 packets from
untrusted ports in the following situations:
•
The packet is a DHCPv6 server packet (for example, ADVERTISE, REPLY, or RELAY-REPLY).
•
The source MAC address and source IP address in the packet do not match any of the
current bindings.
Click
to save your changes to the Switch's run-time memory. The Switch loses these
Apply
changes if it is turned off or loses power, so use the
save your changes to the non-volatile memory when you are done configuring.
Click this to reset the values in this screen to their last-saved values.
Example: Man-in-the-middle Attack
tries to establish a connection with computer
B
and intercepts the ARP request for computer
A
and responds to computer
A
and sends a message to computer
B
XS3800-28 User's Guide
) or an untrusted port (
T ruste d
Sa ve
.
B
340
).
Untruste d
link on the top navigation panel to
. Computer
is in the same
A
X
. Then, computer
A
.
A
X
Advertisement
Table of Contents
Troubleshooting
