Optional) Configuring The S9300 To Discard Gratuitous Arp Packets - Huawei Quidway S9300 Configuration Manual

Terabit routing switch v100r001c03

Hide thumbs Also See for Quidway S9300:

Configuration manual - network management (630 pages)

Configuration manual (603 pages)

Configuration manual - multicast (262 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

page of 178

/ 178
Contents
Table of Contents
Bookmarks

Table of Contents

4 ARP Security Configuration

By default, the interfaces are not enabled with the IP source guard function.

Step 4 Run:

arp anti-attack check user-bind check-item { ip-address | mac-address | vlan }

The check items of ARP packets are configured.

By default, the check items consist of IP address, MAC address, VLAN, and interface. The

interface number of the ARP packet must be the same as the number of the interface where the

arp anti-attack check user-bind check-item command is run. The packets that do not match

the binding table are discarded.

Step 5 (Optional) Run:

arp anti-attack check user-bind alarm enable

The alarm function for the discarded ARP packets is enabled.

By default, the alarm function is disabled.

Step 6 (Optional) Run:

arp anti-attack check user-bind alarm threshold threshold

The alarm threshold of the number of ARP packets discarded because they do not match the

binding table is set.

By default, the alarm threshold is the same as the threshold set in arp anti-attack check user-

bind alarm threshold that is run in the system view. If the alarm threshold is not set in the

system view, the default threshold on the interface is 100.

----End

4.4.5 (Optional) Configuring the S9300 to Discard Gratuitous ARP

Packets

Context

If a large number of gratuitous ARP packets are sent to attack the S9300, the S9300 cannot

process valid ARP packets. You can configure the S9300 to discard the gratuitous ARP packets.

The function of discarding gratuitous ARP packets can be enabled in the system view or the

VLANIF interface view.

Procedure

4-10

If the function is enabled in the system view, all the interfaces of the S9300 discard the

gratuitous ARP packets.

If the function is enabled in the VLANIF interface view, the VLANIF interface discards

the gratuitous ARP packets.

Before enabling an interface to discard gratuitous ARP packets, you do not need to enable

the function globally.

Enabling the function of discarding gratuitous ARP packets globally

Run:

system-view

Huawei Proprietary and Confidential

Quidway S9300 Terabit Routing Switch

Configuration Guide - Security

Issue 01 (2009-07-28)

Table of Contents

Optional) Configuring The S9300 To Discard Gratuitous Arp Packets - Huawei Quidway S9300 Configuration Manual

Related Manuals for Huawei Quidway S9300

Related Content for Huawei Quidway S9300

Table of Contents