can effectively mitigate common DoS attacks caused by ARP spoofing through its unique Packet Content ACL.
Because a basic ACL can only filter ARP packets on packet type, VLAN ID, and source and destination MAC address, a deeper inspection of the ARP payload itself is needed.
Switch to block the invalid ARP packets that carry a forged gateway MAC-to-IP binding.
Configuration
The configuration logic is as follows:
1. Only an ARP packet whose Ethernet source MAC address, ARP sender MAC address and ARP sender IP address all match the expected binding is allowed through the Switch. (In this example, that is the gateway's own ARP.)
2. The Switch denies every other ARP packet that claims the gateway's IP as its sender.
The Packet Content ACL on the Switch lets users inspect any offset chunk. An offset chunk is a 4-byte block, written in hex, that is matched against an individual field of the Ethernet frame. A profile may contain at most four offset chunks, and only one Packet Content ACL profile is supported per switch. In other words, at most 16 bytes of the frame can be matched per profile and therefore per switch, so the offset chunks must be planned and spent carefully.
In Table 6, note that Offset_Chunk0 starts at the 127th byte, continues through the 128th byte and wraps around to byte 1; the remaining chunks follow in order from byte 3. Note also that byte positions are counted from 1, not from 0.
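To see how the four-chunk budget constrains the two rules above, here is an added example in Python (not code or CLI from the original guide or from the switch vendor). It assumes the chunk layout of Table 6 (chunk k covers bytes 4k-1 to 4k+2, chunk 0 wraps 127, 128, 1, 2, bytes counted from 1), untagged frames (no 802.1Q tag, so the Ethernet source MAC sits at bytes 7-12, the ARP sender MAC at bytes 23-28 and the sender IP at bytes 29-32), and constructed gateway, attacker and host addresses. It computes which chunks each field lands in, builds a mask/value pair per chunk, rejects a rule that needs more than four chunks, and evaluates constructed ARP frames against a permit rule for the gateway binding followed by a deny rule for any other ARP claiming the gateway's IP.

```python
# Added example: Packet Content ACL chunk planning and permit/deny emulation.
# Assumptions (not from the guide): Table 6 chunk layout, untagged frames,
# constructed addresses below.
import struct

MAX_CHUNKS = 4  # one profile per switch, at most four offset chunks per profile

# Constructed sample addresses (not real devices).
GATEWAY_MAC = bytes.fromhex("001122334455")
GATEWAY_IP = bytes([192, 168, 1, 1])
ATTACKER_MAC = bytes.fromhex("00deadbeef01")
HOST_MAC = bytes.fromhex("00aabbccdd02")
HOST_IP = bytes([192, 168, 1, 50])

# 1-based byte ranges inside an untagged Ethernet + ARP frame.
FIELDS = {
    "eth_dst": (1, 6), "eth_src": (7, 12), "ethertype": (13, 14),
    "arp_oper": (21, 22), "arp_sha": (23, 28), "arp_spa": (29, 32),
    "arp_tha": (33, 38), "arp_tpa": (39, 42),
}


def chunk_positions(k):
    """1-based byte positions covered by offset chunk k (Table 6 layout)."""
    return [127, 128, 1, 2] if k == 0 else [4 * k - 1 + i for i in range(4)]


def chunk_of(byte_pos):
    """Offset chunk index holding a 1-based byte position (inverse of above)."""
    return ((byte_pos + 1) // 4) % 32


def chunks_for(ranges):
    """Sorted chunk indices touched by a list of (lo, hi) 1-based byte ranges."""
    return sorted({chunk_of(b) for lo, hi in ranges for b in range(lo, hi + 1)})


def fits_budget(ranges):
    """True if the byte ranges can be matched within one profile's chunk budget."""
    return len(chunks_for(ranges)) <= MAX_CHUNKS


def chunk_bytes(frame, k):
    """The four frame bytes that chunk k inspects (zero beyond the frame end)."""
    return bytes(frame[p - 1] if p <= len(frame) else 0 for p in chunk_positions(k))


def build_profile(reference, ranges):
    """Map chunk index -> (mask, value): bytes inside `ranges` must equal the
    corresponding bytes of `reference`; all other bytes are masked out."""
    profile = {}
    for lo, hi in ranges:
        for b in range(lo, hi + 1):
            k = chunk_of(b)
            mask, value = profile.setdefault(k, (bytearray(4), bytearray(4)))
            i = chunk_positions(k).index(b)
            mask[i], value[i] = 0xFF, reference[b - 1]
    if len(profile) > MAX_CHUNKS:
        raise ValueError(f"rule needs {len(profile)} chunks, limit is {MAX_CHUNKS}")
    return profile


def matches(frame, profile):
    """True if every chunk of `frame` equals the profile value under its mask."""
    return all(
        (d & m) == (v & m)
        for k, (mask, value) in profile.items()
        for d, m, v in zip(chunk_bytes(frame, k), mask, value)
    )


def arp_frame(eth_src, sha, spa, oper=2, tha=b"\x00" * 6, tpa=HOST_IP):
    """Constructed untagged Ethernet/ARP frame (42 bytes, broadcast destination)."""
    return (b"\xff" * 6 + eth_src + b"\x08\x06"
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
            + sha + spa + tha + tpa)


# Reference frame carrying the genuine gateway binding.
GATEWAY_ARP = arp_frame(GATEWAY_MAC, GATEWAY_MAC, GATEWAY_IP)

# Rule 1 (permit): last two source-MAC bytes + EtherType (chunk 3), sender MAC
# and sender IP (chunks 6, 7, 8) must all be the gateway's.  Matching the whole
# source MAC would add chunk 2 and exceed the four-chunk budget.
PERMIT = build_profile(GATEWAY_ARP, [(11, 14), (23, 32)])
# Rule 2 (deny): any other ARP (EtherType, chunk 3) whose sender IP is the
# gateway's (chunks 7 and 8).
DENY = build_profile(GATEWAY_ARP, [(13, 14), (29, 32)])


def switch_decision(frame):
    """Emulate the ACL order: permit rule first, then deny rule, else pass."""
    if matches(frame, PERMIT):
        return "permit"
    if matches(frame, DENY):
        return "deny"
    return "permit"


if __name__ == "__main__":
    full = chunks_for([FIELDS["eth_src"], FIELDS["arp_sha"], FIELDS["arp_spa"]])
    print("chunks for full src MAC + sender MAC + sender IP:", full)
    print("permit profile chunks:", sorted(PERMIT), "deny:", sorted(DENY))
    cases = [
        ("genuine gateway ARP", GATEWAY_ARP),
        ("attacker claims gateway IP", arp_frame(ATTACKER_MAC, ATTACKER_MAC, GATEWAY_IP)),
        ("forged src MAC, attacker sender MAC", arp_frame(GATEWAY_MAC, ATTACKER_MAC, GATEWAY_IP)),
        ("ordinary host ARP", arp_frame(HOST_MAC, HOST_MAC, HOST_IP)),
    ]
    for label, frame in cases:
        print(f"{label}: {switch_decision(frame)}")
```

The full source MAC plus sender MAC plus sender IP span chunks 2, 3, 6, 7 and 8, one more than a profile holds, so the permit rule in the example keeps chunk 3 (the last two source-MAC bytes together with the ARP EtherType) and gives up chunk 2; which bytes to sacrifice is exactly the planning decision the text above warns about. The deny rule must key on the sender IP alone: a frame that forges the gateway's Ethernet source MAC but carries a different sender MAC still fails the permit rule and is then caught by the deny rule.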
Offset_Chunk    0    1    2    3    4    5    6    7    8    9   10   11   12   13   14   15
Byte          127    3    7   11   15   19   23   27   31   35   39   43   47   51   55   59
Byte          128    4    8   12   16   20   24   28   32   36   40   44   48   52   56   60
Byte            1    5    9   13   17   21   25   29   33   37   41   45   49   53   57   61