Configuring Arp Anti-Attack; Establishing The Configuration Task - Huawei Quidway S9300 Configuration Manual

Terabit routing switch v100r001c03

Hide thumbs Also See for Quidway S9300:

Configuration manual - network management (630 pages)

Configuration manual (603 pages)

Configuration manual - multicast (262 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

page of 178

/ 178
Contents
Table of Contents
Bookmarks

Table of Contents

Quidway S9300 Terabit Routing Switch

Configuration Guide - Security

Example

Run the display arp learning strict command, and you can view the configuration of strict ARP

entry learning.

<Quidway> display arp learning strict

The global configuration:arp learning strict

interface

------------------------------------------------------------

Vlanif100

Vlanif200

------------------------------------------------------------

Total:2

force-enable:1

force-disable:1

Run the display arp-limit [ interface interface-type interface-number ] [ vlan vlan-id ]

command, and you can view the maximum number of ARP entries that can be learned by an

interface or a VLAN.

<Quidway> display arp-limit interface GigabitEthernet 1/0/10

interface

---------------------------------------------------------------------------

GigabitEthernet1/0/10

---------------------------------------------------------------------------

Total:8

<Quidway> display arp-limit vlan 3

interface

---------------------------------------------------------------------------

GigabitEthernet1/0/10

---------------------------------------------------------------------------

4.4 Configuring ARP Anti-Attack

This section describes how to configure the ARP anti-attack function.

4.4.1 Establishing the Configuration Task

4.4.2 Preventing the ARP Address Spoofing Attack

4.4.3 Preventing the ARP Gateway Duplicate Attack

4.4.4 Preventing the Man-in-the-Middle Attack

4.4.5 (Optional) Configuring the S9300 to Discard Gratuitous ARP Packets

4.4.6 Configuring DHCP to Trigger ARP Learning

4.4.7 Enabling Log and Alarm Functions for Potential Attacks

4.4.8 Checking the Configuration

4.4.1 Establishing the Configuration Task

Issue 01 (2009-07-28)

LimitNum

1000

LimitNum

1000

Huawei Proprietary and Confidential

LearningStrictState

force-disable

force-enable

VlanID

LearnedNum(Mainboard)

VlanID

LearnedNum(Mainboard)

4 ARP Security Configuration

4-7

Table of Contents

Configuring Arp Anti-Attack; Establishing The Configuration Task - Huawei Quidway S9300 Configuration Manual

4.4 Configuring ARP Anti-Attack

4.4.1 Establishing the Configuration Task

Related Manuals for Huawei Quidway S9300

Related Content for Huawei Quidway S9300

Table of Contents