•
You can enable ARP gateway protection for a maximum of eight gateways on an interface.
•
Do not configure both the arp filter source and arp filter binding commands on an interface.
•
If ARP gateway protection works with ARP detection, MFF, and ARP snooping, ARP gateway
protection applies first.
Configuration procedure
To configure ARP gateway protection:
Step
1.
Enter system view.
2.
Enter Layer 2 Ethernet interface
or Layer 2 aggregate interface
view.
3.
Enable ARP gateway protection
for the specified gateway.
Configuration example
Network requirements
As shown in
Switch B intends to send to Switch A is sent to Host B.
Configure Switch B to block such attacks.
Figure 55 Network diagram
Configuration procedure
# Configure ARP gateway protection on Switch B.
<SwitchB> system-view
[SwitchB] interface fortygige 1/0/1
[SwitchB-FortyGigE1/0/1] arp filter source 10.1.1.1
[SwitchB-FortyGigE1/0/1] quit
[SwitchB] interface fortygige 1/0/2
Figure
55, Host B launches gateway spoofing attacks to Switch B. As a result, traffic that
Command
system-view
interface interface-type
interface-number
arp filter source ip-address
198
Remarks
N/A
N/A
By default, ARP gateway
protection is disabled.