EasyManuals Logo
Home>Enterasys>Other>b5

Enterasys b5 User Manual

Enterasys b5
714 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #523 background imageLoading...
Page #523 background image
Dynamic ARP Inspection Overview
Enterasys B5 CLI Reference 17-17
• Loopbackaddresses(intherange127.0.0.0/8)
Logging Invalid Packets
Byî ±default,î ±DAIî ±writesî ±aî ±logî ±messageî ±toî ±theî ±normalî ±bufferedî ±logî ±forî ±eachî ±invalidî ±ARPî ±packetî ±itî ±
drops.î ±Youî ±canî ±configureî ±DAIî ±toî ±notî ±logî ±invalidî ±packetsî ±forî ±specificî ±VLANs.î ±
Packet Forwarding
DAIî ±forwardsî ±validî ±ARPî ±packetsî ±whoseî ±destinationî ±MACî ±addressî ±isî ±notî ±local.î ±Theî ±ingressî ±VLANî ±
couldî ±beî ±aî ±switchingî ±orî ±routingî ±VLAN.î ±ARPî ±requestsî ±areî ±floodedî ±inî ±theî ±VLAN.î ±ARPî ±responsesî ±areî ±
unicastî ±towardî ±theirî ±destination.î ±DAIî ±queriesî ±theî ±MACî ±addressî ±tableî ±toî ±de termineî ±theî ±outgoingî ±
port.î ±Ifî ±theî ±destinationî ±MAC
î ±addressî ±isî ±local,î ±DAIî ±givesî ±validî ±ARPî ±packetsî ±toî ±theî ±ARPî ±application.î ±
Rate Limiting
Toî ±protectî ±theî ±switchî ±fromî ±DHCPî ±attacksî ±whenî ±DAIî ±isî ±enabled,î ±theî ±DAIî ±applicationî ±enforcesî ±aî ±rateî ±
limitî ±forî ±ARPî ±packetsî ±receivedî ±onî ±untrustedî ±interfaces.î ±DAIî ±monitorsî ±theî ±receiveî ±rateî ±onî ±eachî ±
interfaceî ±separately.î ±Ifî ±theî ±receiveî ±rateî ±exceedsî ±aî ±configurableî ±limit,î ±DAIî ±errorî ±disablesî ±theî ±
interface,î ±whichî ±effectivelyî ±bringsî ±down
î ±theî ±interface.î ±Youî ±canî ±useî ±theî ±setî ±portî ±enableî ±commandî ±
toî ±reenableî ±theî ±port.î ±
Youî ±canî ±configureî ±bothî ±theî ±rateî ±andî ±theî ±burstî ±interval.î ±Theî ±defaultî ±rateî ±isî ±15î ±ppsî ±onî ±eachî ±untrustedî ±
interfaceî ±withî ±aî ±rangeî ±ofî ±0î ±toî ±50î ±pps.î ±Theî ±defaultî ±burstî ±intervalî ±isî ±1î ±secondî ±withî ±
aî ±rangeî ±toî ±1î ±toî ±15î ±
seconds..î ±Theî ±rateî ±limitî ±cannotî ±beî ±setî ±onî ±trustedî ±interfacesî ±sinceî ±ARPî ±packetsî ±receivedî ±onî ±trustedî ±
interfacesdonotcometotheCPU.
Eligible Interfaces
Dynamicî ±ARPî ±inspectionî ±isî ±enabledî ±perî ±VLAN,î ±effectivelyî ±enablingî ±DAIî ±onî ±theî ±membersî ±ofî ±theî ±
VLAN,î ±eitherî ±physicalî ±portsî ±orî ±LAGs.î ±Trustî ±isî ±specifiedî ±onî ±theî ±VLANî ±members.î ±
DAIî ±mayî ±beî ±connectedî ±to:
•Asinglehostthroughatrustedlink(forexample,aserver)
•Ifmultiplehostsneedtoconnected,theremust
î ±beî ±aî ±switchî ±betweenî ±theî ±routerî ±andî ±theî ±hosts,î ±
withî ±DAIî ±enabledî ±onî ±thatî ±switch
Interaction with Other Functions
•DAIreliesontheDHCPsnoopingapplicationtoverifythata{IPaddress,MACaddress,
VLAN,î ±interface}î ±tupleî ±isî ±valid.î ±
•DAIregisterswithdot1qtoreceivenotificationofVLANmembershipchangesfortheVLANs
whereî ±DAIî ±isî ±enabled.
•DAItellsthedriverabouteachuntrustedinterface(physicalportorLAG)where
DAIî ±isî ±
enabledî ±soî ±thatî ±theî ±hardwareî ±willî ±interceptî ±ARPî ±packetsî ±andî ±sendî ±themî ±toî ±theî ±CPU.

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Enterasys b5 and is the answer not in the manual?

Enterasys b5 Specifications

General IconGeneral
BrandEnterasys
Modelb5
CategoryOther
LanguageEnglish