EasyManuals Logo
Home>Enterasys>Other>b5

Enterasys b5 User Manual

Enterasys b5
714 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #507 background imageLoading...
Page #507 background image
Enterasys B5 CLI Reference 17-1
17
DHCP Snooping and
Dynamic ARP Inspection
Thisî ±chapterî ±describesî ±twoî ±securityî ±features:
•DHCPsnooping,whichmonitorsDHCPmessagesbetweenaDHCPclientandDHCPserver
toî ±filterî ±harmfulî ±DHCPî ±messagesî ±andî ±toî ±buildî ±aî ±databaseî ±ofî ±authorizedî ±addressî ±bindingsî ±
• DynamicARPinspection,whichusesthebindingsdatabasecreatedbytheDHCPsnooping
featureî ±toî ±rejectî ±invalidî ±andî ±
maliciousî ±ARPî ±packets
DHCP Snooping Overview
DHCPî ±snoopingî ±monitorsî ±DHCPî ±messagesî ±betweenî ±DHCPî ±clientsî ±andî ±DHCPî ±serversî ±toî ±filterî ±
harmfulî ±DHCPî ±messagesî ±andî ±toî ±buildî ±aî ±bindingsî ±databaseî ±ofî ±{MACî ±address,î ±IPî ±address,î ±VLANî ±
ID,î ±port}î ±tuplesî ±thatî ±areî ±consideredî ±authorized.î ±
DHCPî ±snoopingî ±isî ±disabledî ±globallyî ±andî ±onî ±allî ±VLANsî ±byî ±default.î ±Portsî ±areî ±untrustedî ±byî ±default.
î ±
DHCPî ±snoopingî ±mustî ±beî ±enabledî ±globallyî ±andî ±onî ±specificî ±VLANs.î ±Portsî ±withinî ±theî ±VLANsî ±mustî ±
beconfiguredastrustedoruntrusted.DHCPserversmustbereachedthroughtrustedports.
DHCPî ±snoopingî ±enforcesî ±theî ±followingî ±securityî ±rules:
•DHCPpacketsfromaDHCPserver(DHCPOFFER,DHCPACK,DHCPNAK)aredroppedif
receivedî ±onî ±anî ±untrustedî ±port.
•DHCPRELEASEandDHCPDECLINEmessagesaredroppediftheyareforaMACaddress
inthesnoopingdatabasebutthebindingʹsinterfaceinthedatabaseisdifferentfromthe
interfaceî ±whereî ±theî ±messageî ±wasî ±received.
•Onuntrustedinterfaces,theswitchdropsDHCPpacketswhosesource
î ±MACî ±addressî ±doesî ±notî ±
matchî ±theî ±clientî ±hardwareî ±address.î ±Thisî ±featureî ±isî ±aî ±configurableî ±option.
DHCP Message Processing
Theî ±hardwareî ±identifiesî ±allî ±incomingî ±DHCPî ±packetsî ±onî ±portsî ±whereî ±DHCPî ±snoopingî ±isî ±enabled.î ±
Onî ±untrustedî ±ports,î ±theî ±hardwareî ±trapsî ±allî ±incomingî ±DHCPî ±packetsî ±toî ±theî ±CPU.î ±Onî ±trustedî ±ports,î ±
For information about... Refer to page...
DHCP Snooping Overview 17-1
DHCP Snooping Commands 17-4
Dynamic ARP Inspection Overview 17-16
Dynamic ARP Inspection Commands 17-20

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Enterasys b5 and is the answer not in the manual?

Enterasys b5 Specifications

General IconGeneral
BrandEnterasys
Modelb5
CategoryOther
LanguageEnglish