Arp Inspection Overview - ZyXEL Communications GS2200-24 User Manual
Intelligent layer 2gbe switch
Hide thumbs
Also See for GS2200-24:
- User manual (360 pages) ,
- Specifications (4 pages) ,
- Manual (332 pages)
Table of Contents
Advertisement
Chapter 26 IP Source Guard
26.12.2 ARP Inspection Overview
Use ARP inspection to filter unauthorized ARP packets on the network. This can
prevent many kinds of man-in-the-middle attacks, such as the one in the following
example.
Figure 115 Example: Man-in-the-middle Attack
A
In this example, computer B tries to establish a connection with computer A.
Computer X is in the same broadcast domain as computer A and intercepts the
ARP request for computer A. Then, computer X does the following things:
• It pretends to be computer A and responds to computer B.
• It pretends to be computer B and sends a message to computer A.
As a result, all the communication between computer A and computer B passes
through computer X. Computer X can read and alter the information passed
between them.
26.12.2.1 ARP Inspection and MAC Address Filters
When the Switch identifies an unauthorized ARP packet, it automatically creates a
MAC address filter to block traffic from the source MAC address and source VLAN
ID of the unauthorized ARP packet. You can configure how long the MAC address
filter remains in the Switch.
These MAC address filters are different than regular MAC address filters
12 on page
• They are stored only in volatile memory.
• They do not use the same space in memory that regular MAC address filters
use.
• They appear only in the ARP Inspection screens and commands, not in the
MAC Address Filter screens and commands.
238
X
115).
B
(Chapter
GS2200-24 User's Guide
Advertisement
Table of Contents
Troubleshooting
