How to Enable Link Protection

Language:

This procedure restricts outgoing packet types and prevents the spoofing of links.

Before You Begin

You must become an administrator who is assigned the Network Link Security rights profile. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.2 .

View the available link protection types.

# dladm show-linkprop -p protection
LINK     PROPERTY        PERM VALUE        EFFECTIVE    DEFAULT   POSSIBLE
net0     protection      rw   --           --           --        mac-nospoof,
                                                                  restricted,
                                                                  ip-nospoof,
                                                                  dhcp-nospoof

For a description of the possible types, see Link Protection Types and the dladm(1M) man page.

Enable link protection by specifying one or more protection types.
```
# dladm set-linkprop -p protection=value[,value,...] link
```
In the following example, all four link protection types on the vnic0 link are enabled:
```
# dladm set-linkprop \
-p protection=mac-nospoof,restricted,ip-nospoof,dhcp-nospoof vnic0
```
Caution - Test each protection value singly before enabling it. A misconfigured system can prevent communication.

Verify that the link protections are enabled.

# dladm show-linkprop -p protection vnic0
LINK     PROPERTY        PERM VALUE        EFFECTIVE    DEFAULT   POSSIBLE
net0     protection      rw   mac-nospoof  mac-nospoof  --        mac-nospoof,
                              restricted   restricted   --        restricted,
                              ip-nospoof   ip-nospoof   --        ip-nospoof, 
                              dhcp-nospoof dhcp-nospoof --        dhcp-nospoof