
19.4 The ARP Inspection Screen, 19.4.1 Configuring ARP Inspection – ZyXEL Communications MES-2110 User Manual

Page 147


Chapter 19 IP Source Guard

MES-2110 User’s Guide


19.4 The ARP Inspection Screen

Use ARP inspection to filter unauthorized ARP frames on the network. This can
prevent many kinds of man-in-the-middle attacks, such as the one in the following
example.

Figure 68 Example: Man-in-the-middle Attack

In this example, computer B tries to establish a connection with computer A.
Computer X is in the same broadcast domain as computer A and intercepts the
ARP request for computer A. Then, computer X does the following things:

• It pretends to be computer A and responds to computer B.
• It pretends to be computer B and sends a message to computer A.

As a result, all the communication between computer A and computer B passes
through computer X. Computer X can read and alter the information passed
between them.

19.4.1 Configuring ARP Inspection

Follow these steps to configure ARP inspection on the MES-2110.

1 Configure DHCP snooping. See Section 19.1.1.3 on page 142.

Note: It is recommended you enable DHCP snooping at least one day before you
enable ARP inspection so that the MES-2110 has enough time to build the
binding table.

2 Enable ARP inspection on the MES-2110. See Section 19.4 on page 147 for more
details about turning on this feature.
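The check behind the two steps above, as an added example that is not taken from the ZyXEL manual or firmware: it assumes ARP inspection compares each ARP frame's sender MAC, sender IP, VLAN and ingress port with the binding table built by DHCP snooping. Hosts A, B and X follow the man-in-the-middle example; host C and every address and port number are constructed, and C shows why an incomplete binding table drops legitimate traffic.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:          # one row learned by DHCP snooping (assumed fields)
    mac: str
    ip: str
    vlan: int
    port: int

@dataclass(frozen=True)
class ArpFrame:         # the fields of an ARP frame that the check looks at
    sender_mac: str
    sender_ip: str
    vlan: int
    ingress_port: int

def build_binding_table(leases):
    """Index snooped leases by (vlan, ip) for constant-time lookup."""
    return {(b.vlan, b.ip): b for b in leases}

def inspect(frame, table):
    """Return (verdict, reason) for one ARP frame."""
    binding = table.get((frame.vlan, frame.sender_ip))
    if binding is None:
        return "drop", "no binding for sender IP"
    if binding.mac != frame.sender_mac:
        return "drop", "sender MAC does not match binding"
    if binding.port != frame.ingress_port:
        return "drop", "ingress port does not match binding"
    return "forward", "matches binding"

# Constructed sample data (documentation MAC and IP ranges).
A = Binding("00:00:5e:00:53:0a", "192.0.2.10", 1, 1)
B = Binding("00:00:5e:00:53:0b", "192.0.2.11", 1, 2)
X = Binding("00:00:5e:00:53:99", "192.0.2.66", 1, 3)
TABLE = build_binding_table([A, B, X])

FRAMES = {
    "A answers for itself": ArpFrame(A.mac, A.ip, 1, 1),
    "X claims A's IP": ArpFrame(X.mac, A.ip, 1, 3),
    "X claims B's IP and MAC": ArpFrame(B.mac, B.ip, 1, 3),
    # C is legitimate, but its lease was issued before snooping was enabled.
    "C has no binding yet": ArpFrame("00:00:5e:00:53:0c", "192.0.2.12", 1, 4),
}

def run():
    return {name: inspect(frame, TABLE) for name, frame in FRAMES.items()}

if __name__ == "__main__":
    for name, (verdict, reason) in run().items():
        print(f"{verdict:8}{name}: {reason}")
```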
