Securing the Network in Oracle® Solaris 11.3

Updated: September 2018
 
 

How to Enable Link Protection

This procedure restricts outgoing packet types and prevents the spoofing of links.

Before You Begin

You must become an administrator who is assigned the Network Link Security rights profile. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.

  1. View the available link protection types.
    # dladm show-linkprop -p protection
    LINK      PROPERTY        PERM VALUE        EFFECTIVE    DEFAULT   POSSIBLE
    vnic0     protection      rw   --           --           --        mac-nospoof,
                                                                       restricted,
                                                                       ip-nospoof,
                                                                       dhcp-nospoof

    For a description of the possible types, see Link Protection Types and the dladm(1M) man page.

  2. Enable link protection by specifying one or more protection types.
    # dladm set-linkprop -p protection=value[,value,...] link

    In the following example, all four link protection types on the vnic0 link are enabled:

    # dladm set-linkprop \
    -p protection=mac-nospoof,restricted,ip-nospoof,dhcp-nospoof vnic0

    Caution - Test each protection value singly before enabling it. A misconfigured system can prevent communication.


  3. Verify that the link protections are enabled.
    # dladm show-linkprop -p protection vnic0
    LINK      PROPERTY        PERM VALUE        EFFECTIVE    DEFAULT   POSSIBLE
    vnic0     protection      rw   mac-nospoof  mac-nospoof  --        mac-nospoof,
                                   restricted   restricted   --        restricted,
                                   ip-nospoof   ip-nospoof   --        ip-nospoof, 
                                   dhcp-nospoof dhcp-nospoof --        dhcp-nospoof
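
The verification in step 3 can be scripted. The following is an added example, not part of the Oracle documentation: it parses the wrapped table layout shown in steps 1 and 3 and reports any required protection type that is absent from the EFFECTIVE column. The function names and the partial sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Oracle's code). Assumes the wrapped table layout
# that `dladm show-linkprop -p protection` prints in steps 1 and 3.

# effective_protections LINK: read show-linkprop output on stdin and print
# the EFFECTIVE protection types for LINK, space-separated.
effective_protections() {
    awk -v want="$1" '
        $1 == "LINK" { next }                       # header row
        NF == 7 { link = $1; prop = $2; eff = $5 }  # first row of a link
        NF == 4 { eff = $2 }                        # wrapped VALUE/EFFECTIVE row
        NF != 7 && NF != 4 { next }                 # wrapped POSSIBLE-only row
        link == want && prop == "protection" && eff != "--" {
            gsub(",", " ", eff); printf "%s ", eff
        }'
}

# missing_protections LINK TYPE[,TYPE...]: print required types that are
# not effective on LINK; return 1 if any are missing.
missing_protections() {
    have=" $(effective_protections "$1")"
    missing=""
    for p in $(echo "$2" | tr ',' ' '); do
        case "$have" in
            *" $p "*) ;;
            *) missing="${missing:+$missing }$p" ;;
        esac
    done
    [ -z "$missing" ] && return 0
    echo "$missing"
    return 1
}

# Constructed sample: only two of the four types have been enabled.
sample_partial() {
    cat <<'EOF'
LINK      PROPERTY        PERM VALUE        EFFECTIVE    DEFAULT   POSSIBLE
vnic0     protection      rw   mac-nospoof  mac-nospoof  --        mac-nospoof,
                               restricted   restricted   --        restricted,
                                                                   ip-nospoof,
                                                                   dhcp-nospoof
EOF
}

REQUIRED=mac-nospoof,restricted,ip-nospoof,dhcp-nospoof
sample_partial | missing_protections vnic0 "$REQUIRED" ||
    echo "vnic0: required protections above are not in effect" >&2
```

On a live system, pipe the output of `dladm show-linkprop -p protection vnic0` into `missing_protections` in place of the sample.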