Filter
Top Products
DES-7200 Configuration Guide Chapter 5 Port-based Flow Control Configuration
5-13
5.4 ARP-CHECK
5.4.1 Overview
ARP-Check function filters all ARP packets on the logic interface and dropps all illegal
ARP packets, avoiding the ARP fraud in the network and improving the network
stability.
DES-7200 switches support multiple IP security application(such as IP Source Guard,
globle IP+MAC binding, port security, ect), which effectively filter the user IP packets
and avoid the illegal user to use the network resources. The ARP check function
generates the corresponding ARP filtering information accoding to the legel user
information (IP or IP+MAC), implementing the illegal ARP packet filtering in the
network.
ARP Check and other security functions
As shown in the above figure, ARP Check function checks whether the Sender IP field
or the <Sender IP, Sender MAC> field of all ARP packets on the logic interface
matches with the legal user information(IP or IP+MAC), and the ARP packets that not
match with the legal user information. The ARP Check function supported security
function modules include:
1. Check the IP field only: IP mode for the port security and the ip source guard.
2. Check the IP+MAC field: IP+MAC binding mode for the port security, global IP+MAC
binding, 802.1x IP authorization, IP Source Guard, GSN binding function.
There are two modes of ARP-CHECK: enabled, disabled mode. The disabled mode is
by default.