Configuration Examples; Example For Configuring Arp Security Functions; Figure 4-1 Networking Diagram For Configuring Arp Security Functions - Huawei Quidway S9300 Configuration Manual

Terabit routing switch v100r001c03

Hide thumbs Also See for Quidway S9300:

Configuration manual - network management (630 pages)

Configuration manual (603 pages)

Configuration manual - multicast (262 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

page of 178

/ 178
Contents
Table of Contents
Bookmarks

Table of Contents

4 ARP Security Configuration

----End

4.7 Configuration Examples

This section provides several configuration examples of ARP security.

4.7.1 Example for Configuring ARP Security Functions

4.7.2 Example for Configuring ARP Anti-Attack to Prevent Man-in-the-Middle Attacks

4.7.1 Example for Configuring ARP Security Functions

Networking Requirements

As shown in

to four users in VLAN 10 and VLAN 20 through GE 1/0/1 and GE 1/0/2. There are the following

ARP attacks on the network:

It is required that ARP security functions be configured on the S9300 to prevent the preceding

attacks. The suppression rate of ARP Miss packets set on the server should be greater than the

suppression rate of other users.

Figure 4-1 Networking diagram for configuring ARP security functions

Server

VLAN10

4-20

Run the debugging arp process [ slot slot-id | interface interface-type interface-

number ] command to debug the processing of ARP packets.

Figure

4-1, the S9300 is connected to a server through GE 1/0/3 and is connected

The server may send several packets with an unreachable destination IP address, and the

number of these packets is larger than the number of packets from common users.

After virus attacks occur on User 1, a large number of ARP packets are sent. Among these

packets, the source IP address of certain ARP packets changes on the local network segment

and the source IP address of certain ARP packets is the same as the IP address of the

gateway.

User 3 constructs a large number of ARP packets with a fixed IP address to attack the

network.

User 4 constructs a large number of ARP packets with an unreachable destination IP address

to attack the network.

GE1/0/3

GE1/0/1

User1

User2

Huawei Proprietary and Confidential

S9300

GE1/0/2

VLAN20

User4

User3

Quidway S9300 Terabit Routing Switch

Configuration Guide - Security

Issue 01 (2009-07-28)

Table of Contents

Configuration Examples; Example For Configuring Arp Security Functions; Figure 4-1 Networking Diagram For Configuring Arp Security Functions - Huawei Quidway S9300 Configuration Manual

4.7 Configuration Examples

4.7.1 Example for Configuring ARP Security Functions

Figure 4-1 Networking diagram for configuring ARP security functions

Related Manuals for Huawei Quidway S9300

Related Content for Huawei Quidway S9300

Table of Contents