ARP attack protection configuration
ARP attack protection overview
Although ARP is easy to implement, it provides no security mechanism and is prone to network attacks.
An attacker may send the following:
ARP packets by acting as a trusted user or gateway so that the receiving devices obtain incorrect
ARP entries. As a result, network attacks occur.
A large number of IP packets with unreachable destinations. As a result, the receiving device
continuously resolves destination IP addresses and its CPU is overloaded.
A large number of ARP packets to create a great impact to the CPU.
For more information about ARP attack features and types, see ARP Attack Protection Technology White
Paper.
ARP attacks and viruses threaten LAN security. The switch can provide multiple features to detect and
prevent such attacks. This chapter mainly introduces these features.
ARP attack protection configuration task list
Complete the following tasks to configure ARP attack protection:
Task
Flood prevention
User and
gateway
spoofing
prevention
Configuring ARP source
suppression
Configuring ARP
defense against
IP packet attacks
Enabling ARP black hole
routing
Configuring ARP packet rate limit
Configuring source MAC address based ARP
attack detection
Configuring ARP packet source MAC address
consistency check
Configuring ARP active acknowledgement
Remarks
Optional
Configure this function on gateways
(recommended).
Optional
Configure this function on gateways
(recommended).
Optional
Configure this function on access
devices (recommended).
Optional
Configure this function on gateways
(recommended).
Optional
Configure this function on gateways
(recommended).
Optional
Configure this function on gateways
(recommended).
265