Arp/Ip Attack Defense Based On 802.1X - 3Com 4210 9-Port Configuration Manual

ARP/IP Attack Defense Based on 802.1x

Overview
ARP attack detection and IP filtering implemented based on DHCP snooping entries can effectively
prevent ARP/IP attacks in a network where clients obtain IP addresses dynamically through DHCP.
However, if most of the clients are assigned with IP addresses statically, you need to configure an IP
static binding for each of such clients, which is a heavy workload and easily causes errors.
To prevent attacks in a network where most clients use statically assigned IP addresses, Switch support
the feature of using IP-to-MAC bindings of authenticated 802.1x clients (which obtain IP addresses
through DHCP or manual assignment) to implement ARP attack detection or IP filtering. The feature
avoids configuring IP-MAC static bindings for clients with static IP addresses configured.
With this feature configured for ARP attack detection, the device, after checking its DHCP snooping
and static client entries, will use the IP-MAC bindings of authenticated 802.1x clients for ARP
attack detection.
With this feature configured for IP filtering, the device will use only the IP-MAC bindings of
authenticated 802.1x clients for IP filtering.
For details about ARP attack detection, refer to ARP Operation.
For details about IP filtering and IP static binding, refer to DHCP Operation.
For details about 802.1x authentication, refer to 802.1x and System Guard Operation.
3