Configuration Example - HPE FlexFabric 7900 Series Security Configuration Manual


Configuration example

Network requirements
As shown in Figure 52, a LAN contains two areas: an R&D area in VLAN 10 and an office area in VLAN 20. Each area connects to the gateway (Device) through an access switch.
A large number of ARP requests are detected in the office area and are considered to be the consequence of an unresolvable IP attack. To prevent the attack, configure ARP source suppression or ARP blackhole routing.
Figure 52 Network diagram
Configuration procedure
If the attack packets have the same source address, configure ARP source suppression:
# Enable ARP source suppression.
<Device> system-view
[Device] arp source-suppression enable
# Set the maximum number of unresolvable packets that can be received from a host in 5 seconds to 100.
[Device] arp source-suppression limit 100
If the attack packets have different source addresses, configure ARP blackhole routing:
# Enable ARP blackhole routing.
[Device] arp resolving-route enable
# Configure the device to probe ARP blackhole routes every 2 seconds.
[Device] arp resolving-route probe-interval 2
# Configure the device to perform five ARP blackhole route probes for each unresolved IP address.
[Device] arp resolving-route probe-count 5
Figure 52 (image not preserved) labels: IP network; Gateway (Device); R&D, VLAN 10; Office, VLAN 20; Host A, Host B, Host C, Host D.
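The choice between the two procedures above depends on whether the unresolvable packets share a source address. The following Python triage is an added example, not part of the HPE manual; it reuses the manual's 5-second interval and limit of 100. The record format (timestamp, source IP, destination IP), the fixed-window counting, the aggregate test for the multi-source case and the sample addresses are all assumptions made for illustration.

```python
from collections import Counter, defaultdict

WINDOW_S = 5   # interval named in the manual for the suppression limit
LIMIT = 100    # value used with "arp source-suppression limit 100"

def triage(packets, window_s=WINDOW_S, limit=LIMIT):
    """packets: iterable of (timestamp_seconds, src_ip, dst_ip) for IP packets
    whose destination address could not be resolved (assumed export format).
    Returns (recommended_feature, offenders); offenders maps each source IP
    above the limit to its peak count in any one window."""
    per_window = defaultdict(Counter)            # window index -> src -> count
    for ts, src, _dst in packets:
        per_window[int(ts // window_s)][src] += 1

    peak_by_src = Counter()
    peak_total = 0
    for counts in per_window.values():
        peak_total = max(peak_total, sum(counts.values()))
        for src, n in counts.items():
            peak_by_src[src] = max(peak_by_src[src], n)

    offenders = {s: n for s, n in peak_by_src.items() if n > limit}
    if offenders:
        # Same source address repeated: per-host suppression applies.
        return "arp source-suppression", offenders
    if peak_total > limit:
        # Assumption: a flood spread over many sources, none above the
        # per-host limit, is the case for blackhole routing.
        return "arp resolving-route", {}
    return "no action", {}

# Constructed sample data (documentation address ranges, not from the manual).
SAME_SOURCE = [(i * 0.01, "192.0.2.10", f"198.51.100.{i % 250 + 1}")
               for i in range(150)]
SPREAD = [(1.0, f"192.0.2.{i % 200 + 1}", "198.51.100.9") for i in range(400)]
QUIET = [(float(i), "192.0.2.10", "198.51.100.9") for i in range(50)]

if __name__ == "__main__":
    for name, data in (("same source", SAME_SOURCE), ("spread", SPREAD),
                       ("quiet", QUIET)):
        print(name, "->", triage(data))
```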
