Netgear XCM8810 Chassis Hardware Installation Guide - Page 625
enable ip-security arp gratuitous-protection
View all Netgear XCM8810 Chassis manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 625 highlights
NETGEAR 8800 Chassis Switch CLI Manual Default The default is disabled. Usage Guidelines This command enables TCP fragment checking. This checking takes effect for IPv4/IPv6. When it is enabled, the switch drops TCP packets if one of following condition is true: • For the first IPv4 TCP fragment (its IP offset field==0), if its TCP header is less than the minimum IPv4 TCP header allowed size • For the first IPv6 TCP fragment (its IP offset field==0), if its TCP header is less than the minimum IPv6 TCP header allowed size • If its IP offset field==1 (for IPv4 only) enable ip-security arp gratuitous-protection enable ip-security arp gratuitous-protection {vlan} [all | ] Description Enables gratuitous ARP protection on one or all VLANs on the switch. Syntax Description all vlan-name Specifies all VLANs configured on the switch. Specifies the VLAN. Default By default, gratuitous ARP protection is disabled. Usage Guidelines Hosts can launch man-in-the-middle attacks by sending out gratuitous ARP requests for the router's IP address. This results in hosts sending their router traffic to the attacker, and the attacker forwarding that data to the router. This allows passwords, keys, and other information to be intercepted. To protect against this type of attack, the router will send out its own gratuitous ARP request to override the attacker whenever a gratuitous ARP broadcast with the router's IP address as the source is received on the network. If you enable both DHCP secured ARP and gratuitous ARP protection, the switch protects its own IP address and those of the hosts that appear as secure entries in the ARP table. To protect the IP addresses of the hosts that appear as secure entries in the ARP table, use the following commands to enable DHCP snooping, DHCP secured ARP, and gratuitous ARP on the switch: Chapter 15. Security Commands | 625