ARP Gateway Protection Configuration Example; Configuring ARP Filtering - HP 6600 Security Configuration Manual


ARP gateway protection configuration example

Network requirements
As shown in Figure 254, Host B launches gateway spoofing attacks to Router B. As a result, traffic that
Router B intends to send to Router A is sent to Host B.
Configure Router B to block such attacks.
Figure 254 Network diagram
Configuration procedure
# Configure ARP gateway protection on Router B.
<RouterB> system-view
[RouterB] interface gigabitethernet 3/0/1
[RouterB-GigabitEthernet3/0/1] arp filter source 10.1.1.1
[RouterB-GigabitEthernet3/0/1] quit
[RouterB] interface gigabitethernet 3/0/2
[RouterB-GigabitEthernet3/0/2] arp filter source 10.1.1.1
After the configuration is complete, Router B discards the ARP packets whose source IP address is that of
the gateway.

Configuring ARP filtering

NOTE:
This feature is supported only when SAP modules operate in bridge mode.
The ARP filtering feature can prevent gateway spoofing and user spoofing attacks.
An interface enabled with this feature checks the sender IP and MAC addresses in a received ARP packet
against permitted entries. If a match is found, the packet is handled correctly. If not, the packet is
discarded.
Follow these guidelines when you configure ARP filtering:
You can configure up to eight permitted entries on an interface.
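The two checks described on this page, modelled in Python as an added example (not HP code and not device configuration): gateway protection keys on the sender IP alone, while ARP filtering keys on the sender IP and MAC pair. The MAC addresses, the host address 10.1.1.3 and all function names are constructed for illustration; only 10.1.1.1 and the eight-entry limit come from the page.

```python
import socket
import struct

MAX_PERMITTED = 8  # the page states up to eight permitted entries per interface


def parse_arp(payload: bytes):
    """Return (sender_mac, sender_ip) from an Ethernet/IPv4 ARP payload (28 bytes)."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return payload[8:14].hex(":"), socket.inet_ntoa(payload[14:18])


def gateway_protection(payload: bytes, protected_ips: set) -> bool:
    """Accept (True) unless the sender IP is a protected gateway IP."""
    _mac, ip = parse_arp(payload)
    return ip not in protected_ips


def arp_filter(payload: bytes, permitted: set) -> bool:
    """Accept (True) only if (sender IP, sender MAC) matches a permitted entry."""
    if len(permitted) > MAX_PERMITTED:
        raise ValueError("more than eight permitted entries")
    mac, ip = parse_arp(payload)
    return (ip, mac) in permitted


# Constructed sample payloads (hypothetical MACs from the documentation range).
GATEWAY_MAC, HOST_B_MAC = "00:00:5e:00:53:01", "00:00:5e:00:53:0b"
# Reply claiming 10.1.1.1 with Host B's MAC (the spoofing case in the example).
spoofed = bytes.fromhex("0001 0800 06 04 0002 00005e00530b 0a010101 ffffffffffff 0a010101")
# Reply claiming 10.1.1.1 with the gateway's own MAC.
genuine = bytes.fromhex("0001 0800 06 04 0002 00005e005301 0a010101 ffffffffffff 0a010101")
# Ordinary request from Host B using its own address (assumed to be 10.1.1.3).
host_b = bytes.fromhex("0001 0800 06 04 0001 00005e00530b 0a010103 000000000000 0a010101")

if __name__ == "__main__":
    permitted = {("10.1.1.1", GATEWAY_MAC)}
    for name, pkt in (("spoofed", spoofed), ("genuine", genuine), ("host_b", host_b)):
        print(f"{name:8} gateway_protection={gateway_protection(pkt, {'10.1.1.1'})} "
              f"arp_filter={arp_filter(pkt, permitted)}")
```

Gateway protection rejects both packets that carry 10.1.1.1 as sender, including the one with the gateway's real MAC, whereas the filter with a single permitted entry accepts only the exact IP and MAC pair.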


This manual is also suitable for:

Hsr6600
