In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-04-01 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >
Share
Shulou(Shulou.com)06/01 Report--
Ip dhcp snooping + ip arp inspection
1.Ip arp inspection
Configuring Dynamic ARP Inspection in DHCP Environments
This example shows how to configure dynamic ARP inspection on Switch A in VLAN 1. You would perform a similar procedure on Switch B:
Switch(config)# ip arp inspection vlan 1
Switch(config)# interface gigabitethernet 0/1
Switch(config-if)# ip arp inspection trust
Other untrusted ports need to judge whether the ARP packet is legitimate according to the mac and ip mapping table obtained from dhcp snooping.
Configuring ARP ACLs for Non-DHCP Environments
This example shows how to configure an ARP ACL called host2 on Switch A, to permit ARP packets from Host 2 (IP address 1.1.1.1 and MAC address 0001.0001.0001), to apply the ACL to VLAN 1, and to configure port 1 on Switch A as untrusted:
Switch(config)# arp access-list host2
Switch(config-arp-acl)# permit ip host 1.1.1.1 mac host 1.1.1
Switch(config-arp-acl)# exit
Switch(config)# ip arp inspection filter host2 vlan 1
Switch(config)# interface gigabitethernet 0/1
Switch(config-if)# no ip arp inspection trust//trust was configured before, now it is untrusted
Port1 is an untrusted port, but allows ARP packets from host2 to pass through the mapping table without matching Ip to MAC. Is this table obtained through dhcp snooping, and host2 is statically configured not Ip, not dynamically obtained through dhcp, so the table has no relevant records. You cannot rely on this to detect ARP packets.
2.ip dhcp snooping
Trusted ports can initiate all DHCP messages, while untrusted ports can only initiate request messages. This feature can be used in conjunction with DHCP Option 82, which inserts the port ID of a DHCP request into a DHCP request packet.
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.