DAI experiment

2025-01-20 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

Experiment 4: DAI

1. This experiment builds on Experiment 3.

2. Enable DAI on SW1 and configure Fa0/23 as a trusted interface. Clear R1's ARP entries.

3. On R1, ping 10.10.1.4 and 10.10.1.3, observe what happens, and think about why.

When R1 pings 10.10.1.4, it first sends an ARP request to resolve the MAC address of 10.10.1.4. SW1 receives the request and ARP inspection passes (because there is a matching DHCP snooping entry). SW1 processes the ARP request normally and floods it, so it reaches R4.

R4 sends an ARP reply, which SW1 receives on the trusted interface. Therefore R1 can ping 10.10.1.4.

Similarly, when R1 pings 10.10.1.3, the ARP request passes inspection on SW1 and is flooded to R3. However, the ARP reply from R3 has no matching entry in SW1's DHCP snooping table and does not arrive on a trusted interface, so SW1 drops it. As a result, R1 cannot reach R3.

4. Define a static ARP access list on SW1 so that R1 and R3 can communicate.

5. Apply ARP rate limiting on the Fa0/3 interface of SW1 so that the interface accepts at most 5 ARP messages per second.

After completing the experiment, delete the DAI configuration.

Continue from the previous experiment's configuration:

SW1(config)#ip arp inspection vlan 10

SW1(config)#int f0/23

SW1(config-if)#ip arp inspection trust // R1 ping to R3 fails; ping to R4 works

SW1(config)#arp access-list ARP-R3

SW1(config-arp-nacl)#permit ip host 10.10.1.3 mac host 000c.ce3a.b7e0

SW1(config)#ip arp inspection filter ARP-R3 vlan 10

SW1#sh ip arp inspection vlan 10

Source Mac Validation      : Disabled
Destination Mac Validation : Disabled
IP Address Validation      : Disabled

 Vlan     Configuration    Operation   ACL Match          Static ACL
 ----     -------------    ---------   ---------          ----------
   10     Enabled          Active      ARP-R3             No

 Vlan     ACL Logging      DHCP Logging      Probe Logging
 ----     -----------      ------------      -------------
          Deny             Deny              Off

// R1 can now ping R3

SW1(config)#int f0/3

SW1(config-if)#ip arp inspection limit rate 5

SW1#sh ip arp inspection int // Shows which interfaces are trusted
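
The decision order explained in step 3 and changed by the ARP-R3 filter in step 4 can be modeled in a few lines. This is an added, simplified example, not Cisco code and not part of the original lab. R1's address 10.10.1.1, R1's and R4's MAC addresses, and the ports Fa0/1 (R1) and Fa0/3 (R3) are assumptions made for the illustration; only R3's MAC and the 10.10.1.3/10.10.1.4 addresses come from the page.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Arp:
    port: str        # SW1 ingress port
    vlan: int
    sender_ip: str
    sender_mac: str

def dai_verdict(pkt, trusted, inspected_vlans, arp_acl, bindings, static=False):
    """Simplified DAI decision for one ARP packet: (forward?, reason)."""
    if pkt.vlan not in inspected_vlans:
        return True, "vlan not inspected"
    if pkt.port in trusted:
        return True, "trusted port"          # trusted ports bypass inspection
    # The ARP ACL applied with 'ip arp inspection filter' is checked first.
    for action, ip, mac in arp_acl.get(pkt.vlan, []):
        if (ip, mac) == (pkt.sender_ip, pkt.sender_mac):
            return action == "permit", "acl " + action
    if static and pkt.vlan in arp_acl:
        return False, "acl implicit deny"    # 'static' keyword: no fallback
    # Otherwise fall back to the DHCP snooping binding table.
    if (pkt.vlan, pkt.port, pkt.sender_ip, pkt.sender_mac) in bindings:
        return True, "dhcp snooping binding"
    return False, "no binding"

# Constructed lab values: only R3's MAC and the .3/.4 addresses are from the page.
R1_MAC, R3_MAC, R4_MAC = "0000.0000.0001", "000c.ce3a.b7e0", "0000.0000.0004"
BINDINGS = {(10, "Fa0/1", "10.10.1.1", R1_MAC)}      # R1 learned via DHCP (assumed)
ACL_R3 = {10: [("permit", "10.10.1.3", R3_MAC)]}     # arp access-list ARP-R3
PACKETS = {
    "R1 request": Arp("Fa0/1", 10, "10.10.1.1", R1_MAC),
    "R4 reply": Arp("Fa0/23", 10, "10.10.1.4", R4_MAC),
    "R3 reply": Arp("Fa0/3", 10, "10.10.1.3", R3_MAC),
    "Fa0/3 claims .4": Arp("Fa0/3", 10, "10.10.1.4", R3_MAC),
}

def run_lab(arp_acl):
    """Verdict per packet with Fa0/23 trusted and VLAN 10 inspected."""
    return {name: dai_verdict(p, {"Fa0/23"}, {10}, arp_acl, BINDINGS)
            for name, p in PACKETS.items()}

if __name__ == "__main__":
    for label, acl in (("before ARP-R3", {}), ("after ARP-R3", ACL_R3)):
        for name, verdict in run_lab(acl).items():
            print(label, "|", name, "->", verdict)
```

The last packet shows that the ARP-R3 entry only admits the exact IP/MAC pair it names: an ARP packet on the same port claiming a different address still has no binding and is dropped.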
