Chapter 29 ARP Inspection
XGS4600 Series User’s Guide
328
29.11 Technical Reference
This section provides technical background information on the topics discussed in this chapter.
29.11.1 ARP Inspection Overview
Use ARP inspection to filter unauthorized ARP packets on the network. This can prevent many kinds of
man-in-the-middle attacks, such as the one in the following example.
Figure 255 Example: Man-in-the-middle Attack
In this example, computer B tries to establish a connection with computer A. Computer X is in the same
broadcast domain as computer A and intercepts the ARP request for computer A. Then, computer X
does the following things:
• It pretends to be computer A and responds to computer B.
• It pretends to be computer B and sends a message to computer A.
As a result, all the communication between computer A and computer B passes through computer X.
* Settings in this row apply to all ports.
Use this row only if you want to make some settings the same for all ports. Use this row first to set
the common settings and then make adjustments on a port-by-port basis.
Note: Changes in this row are copied to all the ports as soon as you make them.
Trusted State Select whether this port is a trusted port (Trusted) or an untrusted port (Untrusted).
Trusted ports are connected to DHCPv6 servers or other switches.
Untrusted ports are connected to subscribers, and the Switch discards DHCPv6 packets from
untrusted ports in the following situations:
• The packet is a DHCPv6 server packet (for example, ADVERTISE, REPLY, or RELAY-REPLY).
• The source MAC address and source IP address in the packet do not match any of the
current bindings.
Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to
save your changes to the non-volatile memory when you are done configuring.
Cancel Click this to reset the values in this screen to their last-saved values.
Table 142 Advanced Application > IP Source Guard > IPv6 DHCP Trust Setup (continued)
LABEL DESCRIPTION
To Next Page
Loading...
