ZXA10C300Conîš¿gurationManual(CLI)
Result
WhenthesubscribersendsNDPprotocolpackets,thesystemaddsthefollowingLIOîš¿eld
tothepackets:
Circuit-id:ZXA10-C300/ZTEeth5/1/1/0/1:10
//where,10isoriginaluserVLAN.
14.2MACAddressAnti-SpoongConguration
TheZXA10C300supportstheMACaddressanti-spooîš¿ngfunctiontopreventmalicious
MACaddressspooîš¿ng,whichaffectsthenetworksecurity.
TheZXA10C300MACaddressanti-spooîš¿ngfunctionhasthefollowingfeatures:
lThisfunctionconstrainstheuserportthatlearnstheMACaddress.WhenoneMAC
addressislearntbyoneuserport,theaddresscannotbelearntbyotheruserports.
Thus,thesameMACaddresscannotoatbetweendifferentports.
lOnceauserportisdetectedtryingMACaddressspooîš¿ng,analarmmessage
includingtheportandMACaddresswillbereported.
lThisfunctionsupportsuplinkportprotection.AuserportMACaddresscanoatto
anuplinkport,whereasanuplinkportaddresscannotoattoauserport.AMAC
addresscanoatbetweenuplinkports,thustoprotectthegatewayMACaddressof
theuplinkports.
14.2.1ConfiguringtheUserPortMACAddressAnti-Spoofing
User-portMACaddressanti-spooîš¿ngpreventsmaliciousMACaddressspooîš¿ngbetween
userports.
Context
Theuser-portMACaddressanti-spooîš¿nghasthefollowingfeatures:
lWhenoneMACaddressislearntbyoneuserport,theaddresscannotbelearntby
otheruserports.
lOncethereisaMACmoveeventattheîš¿rsttime,thesystemwillgenerateanotiîš¿cation
includingtheMACaddress,VLAN,move-to-portandmove-from-port.
lThenotiîš¿cationreportintervalofthesameMACmoveeventscanbeconîš¿gured.
Steps
1.EnableglobalMACaddressanti-spooîš¿ngfunction.
ZXAN(config)#securitymac-anti-spoofingenable
2.EnableMACmovenotiîš¿cationcontrol.
ZXAN(config)#securitymac-move-reportenable
3.(Optional)Conîš¿gurethenotiîš¿cationreportintervalofthesameMACmovelog.
ZXAN(config)#securitymac-move-reportinterval30
14-8
SJ-20130520164529-007|2013-06-30(R1.0)ZTEProprietaryandConîš¿dential
To Next Page
Loading...
Need help?
General
