Oracle Solaris Administration: Network Interfaces and Network Virtualization Oracle Solaris 11 Express 11/10
Configuring Link Protection (Task Map)
How to Enable the Link Protection Mechanism
How to Disable Link Protection
How to Specify IP Addresses for Protection Against IP Spoofing
To use link protection, you use one of the options of the dladm command to set the link properties. If the type of protection works with other configuration files, for example, ip-nospoof with allowed-ips, then you perform two general actions. First, you enable link protection. Then, you customize the configuration file to determine how the link protection operates.
Note - You must configure link protection in the global zone.
The following tasks configure link protection on an Oracle Solaris server.
This procedure enables one or more of the following link protection types: mac-nospoof, ip-nospoof, and restricted.
Become an administrator. For more information, see How to Obtain Administrative Rights in System Administration Guide: Security Services.
# dladm set-linkprop -p protection=value[,value,...] link
In the following example, all three link protection types on the vnic0 link are enabled:
# dladm set-linkprop -p protection=mac-nospoof,ip-nospoof,restricted vnic0
This procedure resets link protection to the default values, which disables link protection.
Become an administrator. For more information, see How to Obtain Administrative Rights in System Administration Guide: Security Services.
# dladm reset-linkprop -p protection link
Note that the allowed-ips property is used only if the protection property enables the ip-nospoof protection type.
Become an administrator. For more information, see How to Obtain Administrative Rights in System Administration Guide: Security Services.
If you have not yet enabled this type of link protection, then issue the following command:
# dladm set-linkprop -p protection=ip-nospoof link
Then set the allowed-ips property to the IP addresses for the link:
# dladm set-linkprop -p allowed-ips=IP-addr[,IP-addr,...] link
The following example shows how to specify the 10.0.0.1 and 10.0.0.2 IP addresses as values for the allowed-ips property for the vnic0 link:
# dladm set-linkprop -p allowed-ips=10.0.0.1,10.0.0.2 vnic0
The values of the protection and allowed-ips properties indicate how link protection is configured. Note that the allowed-ips property is used only if the protection property specifies the ip-nospoof protection type.
Become an administrator. For more information, see How to Obtain Administrative Rights in System Administration Guide: Security Services.
# dladm show-linkprop -p protection,allowed-ips link
The following example shows the values for the protection and allowed-ips properties for the vnic0 link:
# dladm show-linkprop -p protection,allowed-ips vnic0
LINK     PROPERTY        PERM VALUE          DEFAULT        POSSIBLE
vnic0    protection      rw   ip-nospoof     --             --
                              mac-nospoof
                              restricted
vnic0    allowed-ips     rw   10.0.0.1,      --             --
                              10.0.0.2
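The following check is an added example, not part of the Oracle documentation: it reads dladm show-linkprop -p protection,allowed-ips output in the layout shown above, rejoins wrapped values, and flags links where protection is disabled or where allowed-ips is set without ip-nospoof, in which case the list is not used. The function names, the vnic1 and vnic2 sample rows, and "--" as the marker for an unset value are assumptions.

```shell
# Added example. On a live system:
#   dladm show-linkprop -p protection,allowed-ips | audit_link_protection
# Constructed sample in the layout shown on this page. The vnic1 and vnic2
# rows and "--" as the marker for an unset value are assumptions.
sample_output() {
cat <<'EOF'
LINK     PROPERTY        PERM VALUE          DEFAULT        POSSIBLE
vnic0    protection      rw   ip-nospoof     --             --
                              mac-nospoof
                              restricted
vnic0    allowed-ips     rw   10.0.0.1,      --             --
                              10.0.0.2
vnic1    protection      rw   mac-nospoof    --             --
vnic1    allowed-ips     rw   10.0.0.3       --             --
vnic2    protection      rw   --             --             --
vnic2    allowed-ips     rw   --             --             --
EOF
}
# Reads the table on stdin and prints one verdict per link.
audit_link_protection() {
    awk '
    function norm(v) {    # drop "--" markers, collapse and trim commas
        gsub(/--/, "", v); gsub(/,+/, ",", v); gsub(/^,|,$/, "", v)
        return v
    }
    $1 == "LINK" && $2 == "PROPERTY" { next }                     # header row
    /^[ \t]/ { if (key != "") val[key] = val[key] "," $1; next }  # wrapped value
    NF >= 4 {                                                     # new property row
        if (!($1 in seen)) { seen[$1] = 1; order[++n] = $1 }
        key = $1 SUBSEP $2; val[key] = $4
    }
    END {
        for (i = 1; i <= n; i++) {
            l = order[i]
            prot = norm(val[l SUBSEP "protection"])
            ips = norm(val[l SUBSEP "allowed-ips"])
            nospoof = index("," prot ",", ",ip-nospoof,")
            if (prot == "") msg = "WARN link protection disabled"
            else if (ips != "" && !nospoof)
                msg = "WARN allowed-ips=" ips " unused: ip-nospoof not enabled"
            else if (nospoof && ips == "")
                msg = "NOTE ip-nospoof enabled without an allowed-ips list"
            else if (ips != "") msg = "OK protection=" prot " allowed-ips=" ips
            else msg = "OK protection=" prot
            print l, msg
        }
    }'
}
sample_output | audit_link_protection
```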