JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Solaris Administration: Network Interfaces and Network Virtualization     Oracle Solaris 11 Express 11/10
search filter icon
search icon

Document Information

Preface

Part I Network Auto-Magic

1.  Introduction to NWAM

2.  NWAM Configuration and Administration (Overview)

3.  NWAM Profile Configuration (Tasks)

4.  NWAM Profile Administration (Tasks)

5.  About the NWAM Graphical User Interface

Part II Administering Single Interfaces

6.  Overview of the Networking Stack

7.  Datalink Configuration and Administration

8.  Configuring an IP Interface

9.  Configuring Wireless Interface Communications on Oracle Solaris

Part III Administering Interface Groups

10.  Administering Bridges

11.  Administering Link Aggregations

12.  Administering VLANs

13.  Introducing IPMP

14.  Administering IPMP

Part IV  Network Virtualization and Resource Management

15.  Introducing Network Virtualization and Resource Control (Overview)

16.  Planning for Network Virtualization and Resource Control

17.  Configuring Virtual Networks (Tasks)

18.  Using Link Protection in Virtualized Environments

Overview of Link Protection

Link Protection Types

Configuring Link Protection (Task Map)

How to Enable the Link Protection Mechanism

How to Disable Link Protection

How to Specify IP Addresses for Protection Against IP Spoofing

How to View the Link Protection Configuration

19.  Managing Network Resources

20.  Monitoring Network Traffic and Resource Usage

Glossary

Index

Configuring Link Protection (Task Map)

To use link protection, you use one of the options of the dladm command to set the link properties. If the type of protection works with other configuration files, for example, ip-nospoof with allowed-ips, then you perform two general actions. First, you enable link protection. Then, you customize the configuration file to determine how the link protection operates.


Note - You must configure link protection in the global zone.


The following points to the tasks that you can use to configure link protection on a Oracle Solaris server.

Task
Description
For Instructions
Enable link protection mechanism.
Use the dladm set-linkprop command to enable link protection types for a link.
Disable link protection mechanism.
Use the dladm reset-linkprop command to disable link protection.
Customize the IP link protection type.
Use the dladm set-linkprop command to configure or modify the values in the allowed-ips property.
View the link protection configuration.
Use the dladm show-linkprop command to view the link protection configuration by specifying the protection and allowed-ips property names.

How to Enable the Link Protection Mechanism

This procedure enables one or more of the following link protection types: mac-nospoof, ip-nospoof, and restricted.

  1. Become an administrator.

    For more information, see How to Obtain Administrative Rights in System Administration Guide: Security Services.

  2. Enable link protection by specifying one or more protection types.
    # dladm set-linkprop -p protection=value[,value,...] link

    In the following example, all three link protection types on the vnic0 link are enabled:

    # dladm set-linkprop -p protection=mac-nospoof,ip-nospoof,restricted vnic0

How to Disable Link Protection

This procedure resets link protection to the default values, which disables link protection.

  1. Become an administrator.

    For more information, see How to Obtain Administrative Rights in System Administration Guide: Security Services.

  2. Disable link protection by resetting the protection property to its default value.
    # dladm reset-linkprop -p protection link

How to Specify IP Addresses for Protection Against IP Spoofing

Note that the allowed-ips property is used only if the protection property enables the ip-nospoof protection type.

  1. Become an administrator.

    For more information, see How to Obtain Administrative Rights in System Administration Guide: Security Services.

  2. Make sure that you have enabled protection from IP spoofing.

    If you have not yet enabled this type of link protection, then issue the following command:

    # dladm set-linkprop -p protection=ip-nospoof
  3. Specify a list of IP addresses as values for the allowed-ips link property.
    # dladm set-linkprop -p allowed-ips=IP-addr[,IP-addr,...] link

    The following example shows how to specify the 10.0.0.1 and 10.0.0.2 IP addresses as values for the allowed-ips property for the vnic0 link:

    # dladm set-linkprop -p allowed-ips=10.0.0.1,10.0.0.2 vnic0

How to View the Link Protection Configuration

The values of the protection and allowed-ips properties indicate how link protection is configured. Note that the allowed-ips property is used only if the protection property specifies the ip-nospoof protection type.

  1. Become an administrator.

    For more information, see How to Obtain Administrative Rights in System Administration Guide: Security Services.

  2. View the link protection property values.
    # dladm show-linkprop -p protection,allowed-ips link

    The following example shows the values for the protection and allowed-ips properties for the vnic0 link:

    # dladm show-linkprop -p protection,allowed-ips vnic0
    LINK      PROPERTY        PERM     VALUE           DEFAULT     POSSIBLE
    vnic0     protection      rw       ip-nospoof      --          --
                                       mac-nospoof
                                       restricted
    vnic0     allowed-ips     rw       10.0.0.1,       --          --
                                       10.0.0.2