Configuration Example; Configuring Arp Filtering - HP FlexFabric 5930 Series Security Configuration Manual
Hide thumbs
Also See for FlexFabric 5930 Series:
- Configuration manuals (467 pages) ,
- Command reference manual (87 pages) ,
- Installation manual (73 pages)
Table of Contents
Advertisement
Step
3.
Enable ARP gateway protection
for the specified gateway.
Configuration example
Network requirements
As shown in
Switch B intends to send to Switch A is sent to Host B.
Configure Switch B to block such attacks.
Figure 49 Network diagram
Configuration procedure
# Configure ARP gateway protection on Switch B.
<SwitchB> system-view
[SwitchB] interface fortygige 1/0/1
[SwitchB-FortyGigE1/0/1] arp filter source 10.1.1.1
[SwitchB-FortyGigE1/0/1] quit
[SwitchB] interface fortygige 1/0/2
[SwitchB-FortyGigE1/0/2] arp filter source 10.1.1.1
After the configuration is complete, FortyGigE 1/0/1 and FortyGigE 1/0/2 discard the incoming ARP
packets whose sender IP address is the IP address of the gateway.
Configuring ARP filtering
The ARP filtering feature can prevent gateway spoofing and user spoofing attacks.
An interface enabled with this feature checks the sender IP and MAC addresses in a received ARP packet
against permitted entries. If a match is found, the packet is handled correctly. If not, the packet is
discarded.
Figure
49, Host B launches gateway spoofing attacks to Switch B. As a result, traffic that
Command
arp filter source ip-address
165
Remarks
By default, ARP gateway
protection is disabled.
Advertisement
Table of Contents
Troubleshooting
