It is recommended that you enable Loop Protect on all the Layer 2 interfaces when the spanning tree is disabled on the Mobility Access Switch. You can re-enable the port automatically or manually. When the system detects a loop, it disables the port that sends the PDU. A proprietary protocol data unit (PDU) is used to detect the physical loops in the network. You can enable or disable this functionality at an interface level. The Loop Protect functionality detects the unwanted physical loops in your network. You must explicitly enable DHCP Trust (trust dhcp) in the port-security-profile (if applied to a port) to allow these DHCP messages from valid devices. By default, the DHCP Trust setting in a port-security-profile is to filter (block) these OFFER and ACK messages. You can enable DHCP trust on any interface. The following IPv4 DHCP messages are filtered on an interface configured not to trust DHCP. The DHCP trust functionality provides support to filter the IPv4 DHCP packets from the unauthorized devices. Unicast RA messages with multiple extension headers. The following Unicast RA messages are not filtered by enabling the RA guard: RA message with multiple extension headers The following RA messages are filtered by enabling the RA guard: The port can be re-activated after the configured time by configuring the auto-recovery option. By enabling, the RA packets received on the interface are dropped and the port can be shutdown based on the interface configuration. The RA guard feature is disabled by default.
The Router Advertisement (RA) Guard functionality analyzes the RAs and filters out RA packets sent by unauthorized devices. You can now filter the unauthorized devices to send the control packets, restrict the number of MACs allowed on the interface, and detect unwanted loops in the network when not running spanning-tree protocol. This release of ArubaOS Mobility Access Switch supports Port Security functionality which provides network security at Layer 2. Port Security Overview Port Security Overview
0 kommentar(er)
