Arp Attack Protection Configuration - H3C S5120-EI Series Operation Manual

1

ARP Attack Protection Configuration

When configuring ARP attack Protection, go to these sections for information you are interested in:
Configuring ARP Defense Against IP Packet Attacks
Configuring ARP Packet Rate Limit
Configuring Source MAC Address Based ARP Attack Detection
Configuring ARP Packet Source MAC Address Consistency Check
Configuring ARP Active Acknowledgement
Configuring ARP Detection
ARP Attack Protection Overview
Although ARP is easy to implement, it provides no security mechanism and thus is prone to network
attacks. An attacker can send
ARP packets by acting as a trusted user or gateway. As a result, the receiving device obtains
incorrect ARP entries, and thus a communication failure occurs.
A large number of IP packets with unreachable destinations. As a result, the receiving device
continuously resolves destination IP addresses and thus its CPU is overloaded.
A large number of ARP packets to bring a great impact to the CPU.
For details about ARP attack features and types, refer to ARP Attack Protection Technology White
Paper.
Currently, ARP attacks and viruses are threatening LAN security. The device can provide multiple
features to detect and prevent such attacks. This chapter mainly introduces these features.
ARP Attack Protection Configuration Task List
Complete the following tasks to configure ARP attack Protection:
Flood
prevention
Task
Configuring ARP Source
Suppression
Configuring
ARP Defense
Against IP
Packet Attacks
Enabling ARP Black
Hole Routing
Configuring ARP Packet Rate Limit
Configuring Source MAC Address Based
ARP Attack Detection
Optional
Configure this function on gateways
(recommended).
Optional
Configure this function on gateways
(recommended).
Optional
Configure this function on access
devices (recommended).
Optional
Configure this function on gateways
(recommended).
1-1
Remarks