Chapter 19 IP Source Guard

19.4 The ARP Inspection Screen

Use ARP inspection to filter unauthorized ARP frames on the network. This can prevent many kinds of man-in-the-middle attacks, such as the one in the following example.

Figure 68 Example: Man-in-the-middle Attack (figure not reproduced; it shows computers A, B and X)
In this example, computer B tries to establish a connection with computer A. Computer X is in the same broadcast domain as computer A and intercepts the ARP request for computer A. Then, computer X does the following things:

It pretends to be computer A and responds to computer B.

It pretends to be computer B and sends a message to computer A.

As a result, all the communication between computer A and computer B passes through computer X. Computer X can read and alter the information passed between them.

19.4.1 Configuring ARP Inspection

Follow these steps to configure ARP inspection on the MES-2110.

1 Configure DHCP snooping. See Section 19.1.1.3 on page 142.

Note: It is recommended that you enable DHCP snooping at least one day before you enable ARP inspection so that the MES-2110 has enough time to build the binding table.

2 Enable ARP inspection on the MES-2110. See Section 19.4 on page 147 for more details about turning on this feature.
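The filtering rule that ARP inspection applies, shown as an added example rather than the MES-2110's own code: with a binding table populated by DHCP snooping (step 1 above), an ARP packet arriving on an untrusted port is forwarded only when its sender IP and MAC match a binding for that VLAN and port, so the replies in which computer X claims the addresses of A and B (Figure 68) are dropped. The binding fields (IP, MAC, VLAN, port), the port numbers, the addresses and the sample frames are all constructed for illustration and are assumptions, not values from the switch.

```python
from dataclasses import dataclass

# Constructed binding table, modelled on what DHCP snooping collects:
# (IP, VLAN) -> (MAC, port) learned from DHCP leases seen on untrusted ports.
BINDINGS = {
    ("192.0.2.10", 10): ("00:00:5e:00:53:0a", 3),   # computer A on port 3
    ("192.0.2.20", 10): ("00:00:5e:00:53:14", 5),   # computer B on port 5
    ("192.0.2.30", 10): ("00:00:5e:00:53:1e", 7),   # computer X on port 7
}
TRUSTED_PORTS = {1}   # assumed uplink port; ARP from here is not inspected

@dataclass(frozen=True)
class ArpFrame:
    port: int
    vlan: int
    sender_mac: str
    sender_ip: str
    target_ip: str
    is_reply: bool

def inspect(frame, bindings=BINDINGS, trusted=TRUSTED_PORTS):
    """Return (verdict, reason). An ARP packet from an untrusted port is
    forwarded only if its sender IP/MAC pair matches a DHCP snooping
    binding on the same VLAN and port; anything else is dropped."""
    if frame.port in trusted:
        return "forward", "trusted port"
    entry = bindings.get((frame.sender_ip, frame.vlan))
    if entry is None:
        return "drop", "no binding for sender IP"
    mac, port = entry
    if mac.lower() != frame.sender_mac.lower():
        return "drop", f"sender MAC does not match binding ({mac})"
    if port != frame.port:
        return "drop", f"binding is on port {port}, frame arrived on port {frame.port}"
    return "forward", "matches binding"

def inspect_all(frames):
    return [inspect(f) for f in frames]

# Constructed sample traffic reproducing the attack in Figure 68.
SAMPLE = [
    ArpFrame(5, 10, "00:00:5e:00:53:14", "192.0.2.20", "192.0.2.10", False),  # B asks for A
    ArpFrame(3, 10, "00:00:5e:00:53:0a", "192.0.2.10", "192.0.2.20", True),   # A's genuine reply
    ArpFrame(7, 10, "00:00:5e:00:53:1e", "192.0.2.10", "192.0.2.20", True),   # X claims A's IP
    ArpFrame(7, 10, "00:00:5e:00:53:1e", "192.0.2.20", "192.0.2.10", True),   # X claims B's IP
]

if __name__ == "__main__":
    for frame, (verdict, reason) in zip(SAMPLE, inspect_all(SAMPLE)):
        print(f"port {frame.port} {frame.sender_ip}/{frame.sender_mac}: {verdict} ({reason})")
```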

MES-2110 User’s Guide

147
