ix
Enabling the SYN Cookie feature ······························································································································ 349
Displaying and maintaining TCP attack protection ·································································································· 349
Configuring IP source guard ·································································································································· 351
Overview ······································································································································································· 351
Static IP source guard entries ····························································································································· 351
Dynamic IP source guard binding entries ········································································································· 352
Configuration task list ·················································································································································· 352
Configuring the IPv4 source guard function ·············································································································· 353
Configuring IPv4 source guard on a port ········································································································· 353
Configuring a static IPv4 source guard entry ··································································································· 354
Setting the maximum number of IPv4 source guard binding entries ····························································· 355
Configuring the IPv6 source guard function ·············································································································· 356
Configuring IPv6 source guard on a port ········································································································· 356
Configuring a static IPv6 source guard entry ··································································································· 357
Setting the maximum number of IPv6 source guard entries ············································································ 358
Displaying and maintaining IP source guard ············································································································ 358
IP source guard configuration examples ··················································································································· 359
Static IPv4 source guard configuration example ····························································································· 359
Dynamic IPv4 source guard using DHCP snooping configuration example ················································· 361
Dynamic IPv4 source guard using DHCP relay configuration example ························································ 362
Static IPv6 source guard configuration example ····························································································· 363
Dynamic IPv6 source guard using DHCPv6 snooping configuration example ············································· 364
Dynamic IPv6 source guard using ND snooping configuration example ····················································· 365
Global static IP source guard configuration example ····················································································· 366
Troubleshooting IP source guard ································································································································ 368
Configuring ARP attack protection ························································································································· 369
Overview ······································································································································································· 369
ARP attack protection configuration task list ············································································································· 369
Configuring ARP defense against IP packet attacks ································································································· 370
Configuring ARP source suppression ················································································································ 370
Enabling ARP black hole routing ······················································································································· 371
Displaying and maintaining ARP defense against IP packet attacks ····························································· 371
Configuration example ······································································································································· 371
Configuring ARP packet rate limit ······························································································································ 372
Introduction ·························································································································································· 372
Configuration procedure ···································································································································· 372
Configuring source MAC address based ARP attack detection ············································································· 373
Configuration procedure ···································································································································· 373
Displaying and maintaining source MAC address based ARP attack detection ·········································· 374
Configuration example ······································································································································· 374
Configuring ARP packet source MAC address consistency check ········································································· 376
Introduction ·························································································································································· 376
Configuration procedure ···································································································································· 376
Configuring ARP active acknowledgement ··············································································································· 376
Introduction ·························································································································································· 376
Configuration procedure ···································································································································· 376
Configuring ARP detection ·········································································································································· 377
Introduction ·························································································································································· 377
Configuring user validity check ························································································································· 377
Configuring ARP packet validity check ············································································································· 378
Configuring ARP restricted forwarding ············································································································· 379
Configuring the ARP detection logging function ······························································································ 379
Displaying and maintaining ARP detection ······································································································ 380
To Next Page
Loading...
