Arp Spoofing Prevention Settings - D-Link DGS-3427 - xStack Switch - Stackable Product Manual

Layer 2 managed gigabit ethernet switch

The following parameters can be configured:
Parameter - Description
Global State - Enable or disable the BPDU attack protection global state.
Trap State - Enable or disable the BPDU attack trap state.
Log State - Enable or disable the BPDU attack log state.
Recover Time (60-1000000) - Enter the BPDU protection Auto-Recovery recovery timer. The default value is 60. If Infinite is ticked, the port will not be auto recovered.
Unit - Select the unit to be configured.
From/To - Select the port or range of ports to be configured.
State - Enable or disable BPDU attack protection for the specified individual ports.
Mode - Select the BPDU attack protection mode: Drop, Block, or Shutdown.
    Drop - Drop all received BPDU packets when the port enters under_attack state.
    Block - Drop all packets (including BPDU and normal packets) when the port enters the under attack state.
    Shutdown - Shut down the port when the port enters the under attack state.
Click Apply to implement the changes.

ARP Spoofing Prevention Settings

ARP spoofing, also known as ARP poisoning, is a method to attack an Ethernet network which may allow an attacker to sniff data
frames on a LAN, modify the traffic, or stop the traffic altogether (known as a Denial of Service - DoS attack). The principle of
ARP spoofing is to send fake or spoofed ARP messages to an Ethernet network. Generally, the aim is to associate the attacker's or
a random MAC address with the IP address of another node (such as the default gateway). Any traffic meant for that IP address
would be mistakenly re-directed to the node specified by the attacker.
To prevent an ARP spoofing attack, Packet Content ACL is used to block the invalid ARP packets which contain a faked
gateway's MAC and IP binding. Packet Content ACL can inspect any specified content in the first 48 bytes of a packet. It utilizes
offsets to match individual fields in the Ethernet frame. An offset contains 16 bytes and each offset is divided into four 4-byte
values in HEX format.
The configuration logic is as follows:
The traffic can only pass through the Switch if the ARP entry matches a source MAC address in the Ethernet frame, the
sender MAC address, or the sender IP address in the ARP protocol.
The Switch will deny all other ARP packets which claim they are from the gateway's IP.
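
The two rules above, modelled in Python as an added example (this is not D-Link code or switch configuration). It assumes untagged Ethernet frames, a constructed gateway binding, and reads the permit rule as requiring all three fields to match the gateway; the function names are hypothetical.

```python
import struct

ETHERTYPE_ARP = 0x0806
# Constructed sample binding (documentation address range, locally administered MACs).
GW_IP = bytes([192, 0, 2, 1])
GW_MAC = bytes.fromhex("020000000001")
HOST_IP = bytes([192, 0, 2, 50])
HOST_MAC = bytes.fromhex("020000000099")

def build_arp_reply(eth_src, sender_mac, sender_ip, target_mac, target_ip):
    """Build an untagged Ethernet frame carrying an IPv4 ARP reply (42 bytes)."""
    eth = target_mac + eth_src + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
    return eth + arp + sender_mac + sender_ip + target_mac + target_ip

def parse_arp_fields(frame):
    """Return (eth_src, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    htype, ptype, hlen, plen = struct.unpack("!HHBB", frame[14:20])
    if ethertype != ETHERTYPE_ARP or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    # Byte offsets 6-11, 22-27 and 28-31: all inside the first 48 bytes of the packet.
    return frame[6:12], frame[22:28], frame[28:32]

def filter_arp(frame, gw_ip=GW_IP, gw_mac=GW_MAC):
    """Apply the two rules: permit the genuine binding, deny other claims to gw_ip."""
    fields = parse_arp_fields(frame)
    if fields is None:
        return "permit"          # not an ARP packet: these rules do not apply
    eth_src, sender_mac, sender_ip = fields
    if sender_ip != gw_ip:
        return "permit"          # does not claim to be the gateway
    if eth_src == gw_mac and sender_mac == gw_mac:
        return "permit"          # rule 1 (assumed reading): all fields match the binding
    return "deny"                # rule 2: any other packet claiming the gateway IP

def demo():
    """Run the filter over four constructed frames and return the verdicts."""
    frames = {
        "gateway": build_arp_reply(GW_MAC, GW_MAC, GW_IP, HOST_MAC, HOST_IP),
        "spoofed": build_arp_reply(HOST_MAC, HOST_MAC, GW_IP, GW_MAC, GW_IP),
        "forged_eth_src": build_arp_reply(GW_MAC, HOST_MAC, GW_IP, HOST_MAC, HOST_IP),
        "host": build_arp_reply(HOST_MAC, HOST_MAC, HOST_IP, GW_MAC, GW_IP),
    }
    return {name: filter_arp(f) for name, f in frames.items()}

if __name__ == "__main__":
    print(demo())
```

The "forged_eth_src" case shows why the Ethernet source MAC and the ARP sender MAC both need checking: a frame that matches on only one of them still carries a false binding.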
To view this window, click Security > ARP Spoofing Prevention Settings, as shown below.
The following parameters can be configured:
xStack® DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch
Figure 6-41 ARP Spoofing Prevention Settings window