Configuring ARP attack protection
Although ARP is easy to implement, it provides no security mechanism and thus is prone to network
attacks. An attacker may send the following:
ARP packets by acting as a trusted user or gateway so that the receiving devices obtain incorrect
•
ARP entries.
A large number of IP packets with unreachable destinations. As a result, the receiving device
•
continuously resolves destination IP addresses and thus its CPU is overloaded.
A large number of ARP packets to overload the CPU of the receiving device.
•
For more information, see ARP Attack Protection Technology White Paper.
ARP attacks and viruses threaten LAN security. The device can provide multiple features to detect and
prevent such attacks. This chapter mainly introduces these features.
Configuration task list
Task
Flood
prevention
Configuring ARP
Configuring
source suppression
ARP defense
against IP
Enabling ARP black
packet attacks
hole routing
Configuring ARP active
acknowledgement
Configuring authorized ARP
Configuring ARP detection
Configuring ARP automatic scanning
and fixed ARP
Configuring ARP gateway protection
Configuring ARP filtering
Remarks
Optional
Configure this function on gateways
(recommended).
Optional
Configure this function on gateways
(recommended).
Optional
Configure this function on gateways
(recommended).
Optional
Configure this function on gateways
(recommended).
Optional
Configure this function on access devices
(recommended).
Optional
Configure this function on gateways
(recommended).
Optional
Configure this function on access devices
(recommended).
Optional
Configure this function on access devices
(recommended).
415