Qtech QSW-8200-52T-AC — команды для предотвращения ARP и ND спуфинга в сетях [40/47]

Превью страниц Страница 40 / 47

User Manual

Chapter 3. Commands for Preventing ARP, ND Spoofing 40

www.qtech.ru

 Function: Forbid ARP learning function of IPv4 Version, the “no ip arp-security

learnprotect” command re-enables ARP learning function.

 Parameter: None.

 Default: ARP learning enabled.

 Command Mode: Global Mode/ Interface Configuration.

 Usage Guide: This command is for preventing the automatic learning and updating of

ARP. Unlike ip arp-security updateprotect, once this command implemented, there will

still be timeout even if the switch keeps sending Request/Reply messages.

 Example:

 Switch(Config-if-Vlan1)# ip arp-security learnprotect

 Switch(config)# ip arp-security learnprotect

3.4 ipv6 nd-security learnprotect

 Command: ipv6 nd-security learnprotect

 no ipv6 nd-security learnprotect

 Function: Forbid ND learning function of IPv6 Version, the no command re-enables ND

learning function.

 Parameter: None.

 Default: ND learning enabled.

 Command Mode: Global Mode/ Interface Configuration.

 Usage Guide: This command is for preventing the automatic learning and updating of

ND. Unlike ip nd-security updateprotect, once this command implemented, there will

still be timeout even if the switch keeps sending Request/Reply messages.

 Example:

 Switch(Config-if-Vlan1)#ipv6 nd -security learnprotect

 Switch(config)#ipv6 nd -security learnprotect

3.5 ip arp-security convert

 Command: ip arp-security convert

 Function: Change all of dynamic ARP to static ARP.

 Parameter: None

 Command Mode: Global Mode/ Interface configuration

 Usage Guide: This command will convert the dynamic ARP entries to static ones, which,

in combination with disabling automatic learning, can prevent ARP binding. Once

implemented, this command will lose its effect.

 Example:

 Switch(Config-if-Vlan1)#ip arp -security convert

 Switch(config)#ip arp -security convert