ARP attack protection configuration
This chapter includes these sections:
ARP attack protection overview
•
ARP attack protection configuration task list
•
Configuring ARP packet rate limit
•
•
Configuring source MAC address based ARP attack detection
Configuring ARP packet source MAC address consistency check
•
Configuring ARP active acknowledgement
•
Configuring ARP detection
•
Configuring ARP gateway protection
•
•
Configuring ARP filtering
ARP attack protection overview
Although ARP is easy to implement, it provides no security mechanism and is prone to network attacks.
An attacker may send:
ARP packets by acting as a trusted user or gateway so that the receiving devices obtain incorrect
•
ARP entries. As a result, network attacks occur.
A large number of IP packets with unreachable destinations. As a result, the receiving device
•
continuously resolves destination IP addresses and its CPU is overloaded.
•
A large number of ARP packets to bring a great impact to the CPU.
For more information about ARP attack features and types, see ARP Attack Protection Technology White
Paper.
ARP attacks and viruses threaten LAN security. The switch can provide multiple features to detect and
prevent such attacks. This chapter mainly introduces these features.
ARP attack protection configuration task list
Complete the following tasks to configure ARP attack protection:
Task
Flood prevention
Configuring ARP packet rate limit
Configuring source MAC address based ARP
attack detection
Remarks
Optional
Configure this function on access
devices (recommended).
Optional
Configure this function on gateways
(recommended).
304