Configuration Example - HP MSR2000 Configuration Manual
Hide thumbs
Also See for MSR2000:
- Configuration manual (455 pages) ,
- Manual (73 pages) ,
- High availability configuration manual (91 pages)
Table of Contents
Advertisement
Task
Display ARP attack entries detected by source
MAC-based ARP attack detection (MSR4000).
Configuration example
Network requirements
As shown in
a large number of ARP requests to the gateway, the gateway might crash and cannot process requests
from the clients. To solve this problem, configure source MAC-based ARP attack detection on the
gateway.
Figure 78 Network diagram
ARP attack protection
Host A
Configuration considerations
An attacker might forge a large number of ARP packets by using the MAC address of a valid host as the
source MAC address. To prevent such attacks, configure the gateway in the following steps:
1.
Enable source MAC-based ARP attack detection and specify the handling method as filter.
2.
Set the threshold.
3.
Set the lifetime for ARP attack entries.
4.
Exclude the MAC address of the server from this detection.
Configuration procedure
# Enable source MAC-based ARP attack detection, and specify the handling method as filter.
<Device> system-view
[Device] arp source-mac filter
Figure
78, the hosts access the Internet through a gateway (Device). If malicious users send
IP network
Host B
Command
display arp source-mac { slot slot-number | interface
interface-type interface-number }
Gateway
Device
Host C
277
Server
0012-3f 86-e 94c
Host D
Advertisement
Table of Contents
Troubleshooting
