Grandstream Networks GWN780 Series User Manual page 45

Quaternary Binding Table
Anti Attack
A network carries a large number of malicious attack packets targeting the CPU, as well as various types of packets that
legitimately need to be sent to the CPU. Malicious attack packets targeting the CPU keep the CPU busy processing
attack packets for a long time, which causes interruption of other services or even system interruption; a large number of
normal packets also leads to high CPU usage and performance degradation, which affects normal business.
To protect the CPU and ensure that it can process and respond to normal services, the switch provides a local
attack defense function that applies to the packets sent to the CPU. It keeps the device operating normally and prevents
services from affecting one another when the device is attacked.
Attack defense is an important network security feature. It analyzes the content and behavior of the packets sent to the CPU
for processing, determines whether the packets have attack characteristics, and applies preventive measures
to the packets with attack characteristics. Attack defense is mainly divided into malformed packet attack defense,
fragmented packet attack defense, and flood attack defense.
Anti Attack
Dynamic ARP Inspection (DAI)
To defend against man-in-the-middle attacks and prevent the data of legitimate users from being stolen by a
man-in-the-middle, you can enable dynamic ARP inspection. The device compares the source IP, source MAC, interface, and VLAN
information of the ARP packet with the information in the binding table. If the information matches, the user who sent
the ARP packet is considered a legitimate user and the ARP packet is allowed to pass; otherwise it is
considered an attack and the ARP packet is discarded.
Dynamic ARP inspection can be enabled in the interface view or the VLAN view. When enabled in the interface view, the binding
table matching check is performed on all ARP packets received by the interface; when enabled in the VLAN view, the
binding table matching check is performed on the ARP packets belonging to the VLAN that are received by the interfaces that have
joined the VLAN.
When the device discards a large number of ARP packets that do not match the binding table, if you want the device to alert
the network administrator in the form of an alarm, you can enable the dynamic ARP inspection discarded packet alarm
function. When the number of discarded ARP packets exceeds the alarm threshold, the device generates an alarm.
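
The matching, scoping and alarm behaviour described above, modelled in Python as an added example (it is not Grandstream firmware or configuration and is not part of the manual). The port names, addresses, the case-insensitive MAC comparison and the raise-the-alarm-once behaviour are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Binding:                 # one binding-table entry
    ip: str
    mac: str
    interface: str
    vlan: int

@dataclass
class DaiModel:
    bindings: set                                     # binding table
    dai_interfaces: set = field(default_factory=set)  # DAI enabled in interface view
    dai_vlans: set = field(default_factory=set)       # DAI enabled in VLAN view
    alarm_threshold: int = 0                          # 0 = alarm function disabled
    dropped: int = 0
    alarms: list = field(default_factory=list)

    def inspect(self, ip, mac, interface, vlan):
        """Return 'forward' or 'drop' for one received ARP packet."""
        # Interface view: every ARP packet on the port is checked.
        # VLAN view: only ARP packets belonging to an inspected VLAN are checked.
        if interface not in self.dai_interfaces and vlan not in self.dai_vlans:
            return "forward"
        # All four fields must match a single entry (MAC case ignored: assumption).
        if Binding(ip, mac.lower(), interface, vlan) in self.bindings:
            return "forward"
        self.dropped += 1
        # Alarm once when discards exceed the threshold (once-only is an assumption).
        if self.alarm_threshold and self.dropped > self.alarm_threshold and not self.alarms:
            self.alarms.append(f"DAI discarded {self.dropped} ARP packets "
                               f"(threshold {self.alarm_threshold})")
        return "drop"

def demo():
    # Constructed sample data: documentation addresses, made-up port names.
    table = {Binding("192.0.2.10", "00:11:22:33:44:55", "ge1", 10)}
    sw = DaiModel(table, dai_vlans={10}, alarm_threshold=2)
    packets = [
        ("192.0.2.10", "00:11:22:33:44:55", "ge1", 10),  # matches the binding
        ("192.0.2.10", "00:11:22:33:44:55", "ge2", 10),  # right IP/MAC, wrong port
        ("192.0.2.10", "02:00:00:00:00:01", "ge1", 10),  # right IP, wrong MAC
        ("192.0.2.1",  "02:00:00:00:00:01", "ge2", 10),  # no binding at all
        ("192.0.2.99", "02:00:00:00:00:01", "ge2", 20),  # VLAN 20 not inspected
    ]
    return [sw.inspect(*p) for p in packets], sw

if __name__ == "__main__":
    print(demo()[0])
```

The second and third sample packets show why the check covers all four fields: a correct IP and MAC arriving on the wrong port, or a correct IP with a different MAC, is discarded just like a packet with no binding.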
