Hà Nội: NTT03, Line 1, Thống Nhất Complex, 82 Nguyễn Tuân, Thanh Xuân, Hà Nội. ● HCM: Số 31B, Đường 1, Phường An Phú, Quận 2 (Thủ Đức), TP HCM. ===> Đơn Vị Hàng Đầu Trong Lĩnh Vực Cung Cấp Thiết Bị Security - Network - Wifi - CCTV - Conference - Máy chủ Server - Lưu trữ Storge.
Danh mục sản phẩm

Overview Host Guard

The Host Guard function is mainly used to the access layer devices, preventing the ARP packets forged by the attacker from damaging the ARP table on the terminal device. The host IP address protected by Host Guard is usually applied to the IP addresses of the gateway device in the network and important server.

In the Host Guard function, there are two concepts:

  • Host Guard group: comprises a series of host guard group rules, that is, the set of the protected host IP addresses;
  • Host Guard group rule: One protected host IP address

The work principle of the Host Guard function is as follows:

The brief diagram of the Host Guard function

Figure 10–1 The brief diagram of the Host Guard function

As shown in the above figure, Attacker can make use of the IP address 192.168.1.1 of the Server to forge the ARP packet and forward to PC via Device, damaging the ARP table on PC. As a result, PC cannot access Server normally.

On Device, after applying the IP address of Server 192.168.1.1 as one host guard group rule to port te0/2, when the sending IP address in the ARP packet received by Device is the same as the IP address of Server and if the receiving port is te0/2, the packet can be processed normally; if the receiving port is not te0/2, the packet is dropped. That is, the ARP packet sent by Server can only be forwarded via port te0/2.

The ARP packet forged by Attacker is dropped.