Configuration Example - HPE FlexNetwork 7500 Series Security Configuration Manual
Hide thumbs
Also See for FlexNetwork 7500 Series:
- Security configuration manual (506 pages) ,
- Command reference manual (474 pages) ,
- Network management and monitoring command reference (430 pages)
Table of Contents
Advertisement
Task
(In IRF mode.) Display ARP attack entries
detected by source MAC-based ARP attack
detection.
Configuration example
Network requirements
As shown in
send a large number of ARP requests to the gateway, the gateway might crash and cannot process
requests from the clients. To solve this problem, configure source MAC-based ARP attack detection
on the gateway.
Figure 122 Network diagram
ARP attack protection
Host A
Configuration considerations
An attacker might forge a large number of ARP packets by using the MAC address of a valid host as
the source MAC address. To prevent such attacks, configure the gateway in the following steps:
1.
Enable source MAC-based ARP attack detection and specify the handling method as filter.
2.
Set the threshold.
3.
Set the lifetime for ARP attack entries.
4.
Exclude the MAC address of the server from this detection.
Configuration procedure
# Enable source MAC-based ARP attack detection, and specify the handling method as filter.
<Device> system-view
[Device] arp source-mac filter
# Set the threshold to 30.
[Device] arp source-mac threshold 30
Figure
122, the hosts access the Internet through a gateway (Device). If malicious users
IP network
Host B
Command
display arp source-mac { chassis chassis-number slot
slot-number | interface interface-type interface-number }
Gateway
Device
Host C
420
Server
0012-3f 86-e 94c
Host D
Advertisement
Table of Contents
Troubleshooting
