beautypg.com

Configuring dai to support a multi-vrf instance, Configuring the neighbor discovery protocol, Configuring static-neighbor on default vrfs – Brocade FastIron Ethernet Switch Layer 3 Routing Configuration Guide User Manual

Page 654

background image

Configuring DAI to support a Multi-VRF instance

Dynamic ARP Inspection (DAI) enables the Brocade device to intercept and examine all ARP request
and response packets in a subnet and discard those packets with invalid IP to MAC address bindings.
DAI can prevent common man-in-the-middle (MiM) attacks such as ARP cache poisoning, and
disallow mis-configuration of client IP addresses. Dynamic ARP Inspection (DAI) allows only valid ARP
requests and responses to be forwarded. DAI supports Multi-VRFs with overlapping address
spaces.For more information on DAI, refer to the FastIron Ethernet Switch Security Configuration
Guide .

Configuring DHCP snooping to support a Multi-VRF instance

Dynamic Host Configuration Protocol (DHCP) snooping enables the Brocade device to filter untrusted
DHCP IPv4 or IPv6 packets in a subnet. DHCP snooping can ward off MiM attacks, such as a
malicious user posing as a DHCP server sending false DHCP server reply packets with the intention of
misdirecting other users. DHCP snooping can also stop unauthorized DHCP servers and prevent
errors due to user mis-configuration of DHCP servers. DHCP snooping supports Multi-VRFs. For more
information on configuring DHCP IPv4 or IPv6 snooping to support a Multi-VRF instance, refer to
FastIron Ethernet Switch Security Configuration Guide .

Configuring IP Source Guard to support a Multi-VRF instance

You can use IP Source Guard (IPSG) together with Dynamic ARP Inspection on untrusted ports. The
Brocade implementation of the IP Source Guard feature supports configuration on a port, on specific
VLAN memberships on a port (Layer 2 devices only), and on specific ports on a virtual interface (VE)
(Layer 3 devices only). For more information on IPSG, refer to the FastIron Ethernet Switch Security
Configuration Guide .

Configuring the Neighbor Discovery Protocol

Configuring Static-Neighbor on default VRFs

This command is backward compatible, and all static neighbor entries configured in previous releases
are supported on the default VRF.

Brocade(config)# ipv6 neighbor 2000::1 eth 7/1 0.0.1

Syntax: [no] ipv6 neighbor ipv6-address [ ethernet | ve ] port mac-address

Configuring DAI to support a Multi-VRF instance

654

FastIron Ethernet Switch Layer 3 Routing Configuration Guide

53-1003087-04

See also other documents in the category Brocade Computer Accessories: