Skip Navigation Links | |
Exit Print View | |
Oracle Solaris Administration: Network Interfaces and Network Virtualization Oracle Solaris 11 Information Library |
1. Overview of the Networking Stack
Network Configuration in This Oracle Solaris Release
The Network Stack in Oracle Solaris
Network Devices and Datalink Names
Administration of Other Link Types
3. NWAM Configuration and Administration (Overview)
4. NWAM Profile Configuration (Tasks)
5. NWAM Profile Administration (Tasks)
6. About the NWAM Graphical User Interface
Part II Datalink and Interface Configuration
7. Using Datalink and Interface Configuration Commands on Profiles
8. Datalink Configuration and Administration
9. Configuring an IP Interface
10. Configuring Wireless Interface Communications on Oracle Solaris
12. Administering Link Aggregations
16. Exchanging Network Connectivity Information With LLDP
Part III Network Virtualization and Resource Management
17. Introducing Network Virtualization and Resource Control (Overview)
18. Planning for Network Virtualization and Resource Control
19. Configuring Virtual Networks (Tasks)
20. Using Link Protection in Virtualized Environments
Configuring Link Protection (Task Map)
How to Enable the Link Protection Mechanism
How to Disable Link Protection
How to Specify IP Addresses for Protection Against IP Spoofing
21. Managing Network Resources
To use link protection, you use one of the options of the dladm command to set the link properties. If the type of protection works with other configuration files, for example, ip-nospoof with allowed-ips, then you perform two general actions. First, you enable link protection. Then, you customize the configuration file to determine how the link protection operates.
Note - You must configure link protection in the global zone.
The following points to the tasks that you can use to configure link protection on a Oracle Solaris server.
|
This procedure enables one or more of the following link protection types: mac-nospoof, ip-nospoof, and restricted.
For more information, see How to Obtain Administrative Rights in Oracle Solaris Administration: Security Services.
# dladm set-linkprop -p protection=value[,value,...] link
In the following example, all three link protection types on the vnic0 link are enabled:
# dladm set-linkprop -p protection=mac-nospoof,ip-nospoof,restricted vnic0
This procedure resets link protection to the default values, which disables link protection.
For more information, see How to Obtain Administrative Rights in Oracle Solaris Administration: Security Services.
# dladm reset-linkprop -p protection link
Note that the allowed-ips property is used only if the protection property enables the ip-nospoof protection type.
For more information, see How to Obtain Administrative Rights in Oracle Solaris Administration: Security Services.
If you have not yet enabled this type of link protection, then issue the following command:
# dladm set-linkprop -p protection=ip-nospoof
# dladm set-linkprop -p allowed-ips=IP-addr[,IP-addr,...] link
The following example shows how to specify the 10.0.0.1 and 10.0.0.2 IP addresses as values for the allowed-ips property for the vnic0 link:
# dladm set-linkprop -p allowed-ips=10.0.0.1,10.0.0.2 vnic0
The values of the protection and allowed-ips properties indicate how link protection is configured. Note that the allowed-ips property is used only if the protection property specifies the ip-nospoof protection type.
For more information, see How to Obtain Administrative Rights in Oracle Solaris Administration: Security Services.
# dladm show-linkprop -p protection,allowed-ips link
The following example shows the values for the protection and allowed-ips properties for the vnic0 link:
# dladm show-linkprop -p protection,allowed-ips vnic0 LINK PROPERTY PERM VALUE DEFAULT POSSIBLE vnic0 protection rw ip-nospoof -- -- mac-nospoof restricted vnic0 allowed-ips rw 10.0.0.1, -- -- 10.0.0.2