Netgear XCM8810 - 8800 SERIES 10-SLOT CHASSIS SWITCH User's Manual
Chapter 17. Security
Depending on the options specified when enabling ARP validation, the following validations
are done. Note that the 'DHCP' option does not have to be specified explicitly; it is always
implied when ARP validation is enabled.
Configuring ARP Validation
Before you configure ARP validation, you must enable DHCP snooping on the switch. To
enable DHCP snooping, use the following command:
enable ip-security dhcp-snooping {vlan} <vlan_name> ports [all | <ports>]
violation-action [drop-packet {[block-mac | block-port] [duration
<duration_in_seconds> | permanently] | none]}] {snmp-trap}
For more information about DHCP snooping see,
By default, ARP validation is disabled. To enable and configure ARP validation, use the
following command:
enable ip-security arp validation {destination-mac} {source-mac} {ip} {vlan}
<vlan_name> [all | <ports>] violation-action [drop-packet {[block-port]
[duration <duration_in_seconds> | permanently]}] {snmp-trap}
The violation action setting determines what action(s) the switch takes when an invalid ARP
is received.
Any violation that occurs causes the switch to generate an Event Management System
(EMS) log message. You can suppress the log messages by configuring EMS
log filters. For more information about EMS, see the section
To disable ARP validation, use the following command:
disable ip-security arp validation {vlan} <vlan_name> [all | <ports>]
Displaying ARP Validation Information
To display information about ARP validation, use the following command:
show ip-security arp validation {vlan} <vlan_name>
The following is sample output from this command:
----------------------------------------------------------------
Port      Validation      Violation-action
----------------------------------------------------------------
7         DHCP            drop-packet, block-port for 120 seconds, snmp-trap
23        DHCP            drop-packet, block-port for 120 seconds, snmp-trap
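An added example, not part of the NETGEAR manual: a Python check that parses captured `show ip-security arp validation` output in the layout shown above and reports ports that policy expects to be protected but that are missing from the table, or that lack block-port or snmp-trap. The capture is constructed, the policy choices and function names are assumptions, and check names other than DHCP in the Validation column are assumed to appear as comma- or space-separated tokens.

```python
import re

# Constructed capture, in the layout of the sample output above.
SAMPLE = """\
----------------------------------------------------------------
Port      Validation      Violation-action
----------------------------------------------------------------
7         DHCP            drop-packet, block-port for 120 seconds, snmp-trap
23        DHCP            drop-packet, block-port for 120 seconds, snmp-trap
"""

# port, validation column, then the action list (always starts with drop-packet)
ROW = re.compile(r"^\s*(?P<port>\d+(?::\d+)?)\s+(?P<checks>.*?)\s+(?P<action>drop-packet.*)$")

def parse(output):
    """Map port -> {'checks': set, 'action': list, 'block_seconds': int or None}."""
    ports = {}
    for line in output.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # rule lines, column header, blank lines
        action = [a.strip() for a in m["action"].split(",")]
        secs = re.search(r"block-port for (\d+) seconds", m["action"])
        ports[m["port"]] = {
            "checks": set(re.split(r"[,\s]+", m["checks"].strip())),
            "action": action,
            "block_seconds": int(secs.group(1)) if secs else None,
        }
    return ports

def audit(output, expected_ports, required_checks=("DHCP",)):
    """Return (port, finding) pairs for ports that should be protected (assumed policy)."""
    seen, findings = parse(output), []
    for port in expected_ports:
        row = seen.get(port)
        if row is None:
            findings.append((port, "ARP validation not enabled"))
            continue
        missing = sorted(set(required_checks) - row["checks"])
        if missing:
            findings.append((port, "missing checks: " + ", ".join(missing)))
        if not any(a.startswith("block-port") for a in row["action"]):
            findings.append((port, "violations dropped but port not blocked"))
        if "snmp-trap" not in row["action"]:
            findings.append((port, "no snmp-trap on violation"))
    return findings

if __name__ == "__main__":
    for port, finding in audit(SAMPLE, ["7", "9", "23"]):
        print(f"port {port}: {finding}")
```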
Denial of Service Protection
A Denial-of-Service (DoS) attack occurs when a critical network or computing resource is
overwhelmed and rendered inoperative in a way that legitimate requests for service cannot
succeed. In its simplest form, a Denial of Service attack is indistinguishable from normal
heavy traffic. There are some operations in any switch or router that are more costly than