Qtech QSW-8200-28T-AC — команды для предотвращения ARP и ND спуфинга в сетях [39/47]

Превью страниц Страница 39 / 47

User Manual

Chapter 3. Commands for Preventing ARP, ND Spoofing 39

www.qtech.ru

Chapter 3 COMMANDS FOR PREVENTING ARP, ND SPOOFING

3.1 ip arp-security updateprotect

 Command: ip arp-security updateprotect

 no ip arp-security updateprotect

 Function: Forbid ARP table automatic update. The "no ip arp-security updateprotect”

command re-enables ARP table automatic update.

 Parameter: None.

 Default: ARP table automatic update.

 Command Mode: Global Mode/ Interface configuration.

 User Guide: Forbid ARP table automatic update, the ARP packets conflicting with

current ARP item (e.g. with same IP but different MAC or port) will be dropped, the

others will be received to update aging timer or create a new item; so, the current ARP

item keep unchanged and the new item can still be learned.

 Example:

 Switch(Config-if-Vlan1)#ip arp-security updateprotect.

 Switch(config)#ip arp-security updateprotect

3.2 ipv6 nd-security updateprotect

 Command: ipv6 nd-security updateprotect

 no ipv6 nd-security updateprotect

 Function: Forbid ND automatic update function of IPv6 Version, the no command

resets ND automatic update function.

 Parameter: None

 Default: ND update normally.

 Command Mode: Global Mode/ Interface configuration

 User Guide: Forbid ND table automatic update, the ND packets conflicting with current

ND item (e.g. with same IP but different MAC or port) will be droped, the others will be

received to update aging timer or create a new item; so, the current ND item keep

unchanged and the new item can still be learned.

 Example:

 Switch(Config-if-Vlan1)#ipv6 nd -security updateprotect

 Switch(config)#ipv6 nd -security updateprotect

3.3 ip arp-security learnprotect

 Command: ip arp-security learnprotect

 no ip arp-security learnprotect