Configuring Arp Attack Protection; Arp Attack Protection Configuration Task List - HP A5830 Series Configuration Manual

Configuring ARP attack protection

The term "interface" in the ARP attack protection features refers to Layer 3 interfaces, including VLAN
interfaces and route-mode (or Layer 3) Ethernet ports. You can set an Ethernet port to operate in route
mode by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).
CAUTION:
Although ARP is easy to implement, it provides no security mechanism and is vulnerable to network
attacks.
An attacker can exploit ARP vulnerabilities to attack network devices in the following ways:
Acts as a trusted user or gateway to send ARP packets so that the receiving devices obtain incorrect
•
ARP entries.
Sends a large number of destination unreachable IP packets to have the receiving device busy with
•
resolving destination IP addresses until its CPU is overloaded.
Sends a large number of ARP packets to overload the CPU of the receiving device.
•
For more information about ARP attack features and types, see ARP Attack Protection Technology White
Paper.
ARP attacks and viruses threaten LAN security. This chapter introduces multiple features to detect and
prevent such attacks.

ARP attack protection configuration task list

Task
Flood prevention
User and
gateway
spoofing
Configuring ARP source
suppression
Configuring ARP
defense against
IP packet attacks
Enabling ARP black hole
routing
Configuring ARP packet rate limit
Configuring source MAC address-based ARP
attack detection
Configuring ARP packet source MAC address
consistency check
Remarks
Optional.
Configure this function on gateways
(recommended).
Optional.
Configure this function on gateways
(recommended).
Optional.
Configure this function on access
devices (recommended).
Optional.
Configure this function on gateways
(recommended).
Optional.
Configure this function on gateways
(recommended).
223