Arp Gateway Protection Configuration Example; Configuring Arp Filtering; Introduction - HP 5120 EI Switch Series Configuration Manual
Hide thumbs
Also See for 5120 EI Switch Series:
- Lan switching configuration manual (235 pages) ,
- Installation manual (92 pages) ,
- Specification (51 pages)
Table of Contents
Advertisement
NOTE:
You can enable ARP gateway protection for up to eight gateways on a port.
Commands arp filter source and arp filter binding cannot be both configured on a port.
If ARP gateway protection works with ARP detection, ARP gateway protection applies first.
ARP gateway protection configuration example
Network requirements
As shown in
Switch B intends to send to Switch A is sent to Host B.
Configure Switch B to block such attacks.
Figure 87 Network diagram for ARP gateway protection configuration
Switch A
Switch B
GE1/0/1
Host A
Configuration procedure
# Configure ARP gateway protection on Switch B.
<SwitchB> system-view
[SwitchB] interface GigabitEthernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] arp filter source 10.1.1.1
[SwitchB-GigabitEthernet1/0/1] quit
[SwitchB] interface GigabitEthernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] arp filter source 10.1.1.1
After the configuration is complete, Switch B will discard the ARP packets whose source IP address is that
of the gateway.
Configuring ARP filtering
Introduction
To prevent gateway spoofing and user spoofing, the ARP filtering feature controls the forwarding of ARP
packets on a port.
Figure
87, Host B launches gateway spoofing attacks to Switch B. As a result, traffic that
Gateway
10.1.1.1/24
GE1/0/3
GE1/0/2
Host B
280
Advertisement
Table of Contents
Troubleshooting
