Loading ...
Loading ...
Loading ...
Circuit ID Customization:
Enable or disable the switch to define the Option 82
sub-
option Circuit ID field. With Disable selected, configure
VLAN ID and port number from which the packet is received
as the circuit ID default value.
Circuit ID:
Enter the sub-
option Circuit ID for the customized Option 82
field.
Remote ID
Customizat
ion:
Enable or disable the switch to define the Option 82
sub-
option Remote ID field. With Disable selected, configure
the switch system MAC address as the remote ID default
value.
Remote ID:
Enter the sub-
option Remote ID for the customized Option
82.
LAG:
Displays the LAG to which the port belongs.
12.3 ARP Inspection
According to the ARP Implementation Procedure stated in 12.1.3 ARP Scanning, it can be
found that ARP protocol can facilitate the Hosts in the same network segment to communicate
with one another or access to external network via Gateway. However, since ARP protocol is
implemented with the premise that all the Hosts and Gateways are trusted, there are high
security risks during ARP Implementation Procedure in the actual complex network. Thus, the
cheating attacks against ARP, such as imitating Gateway, cheating Gateway, cheating terminal
Hosts and ARP Flooding Attack, frequently occur to the network, especially to the large
network such as campus network. The following part will simply introduce these ARP attacks.
Imitating Gateway
The attacker sends the MAC address of a forged Gateway to Host, and then the Host will
automatically update the ARP table after receiving the ARP response packets, which causes
that the Host cannot access the network normally. The ARP Attack implemented by imitating
Gateway is illustrated in the following figure.
Figure 12-11 ARP Attack - Imitating Gateway
159
Loading ...
Loading ...
Loading ...