Configuring Arp Anti-Spoofing; Establishing The Configuration Task - Huawei Quidway S3700 Series Configuration Manual
Hide thumbs
Also See for Quidway S3700 Series:
- Configuration manual (398 pages) ,
- Quick start manual (70 pages) ,
- Manual (69 pages)
Table of Contents
Advertisement
Quidway S3700 Series Ethernet Switches
Configuration Guide - Security
Interface configuration:
Vlan configuration:
-------------------------------------------------------------------------------
ARP miss rate-limit configuration:
-------------------------------------------------------------------------------
Global configuration:
Interface configuration:
Vlan configuration:
-------------------------------------------------------------------------------
ARP speed-limit for source-MAC configuration:
MAC-address
-------------------------------------------------------------------------------
All
-------------------------------------------------------------------------------
0 specified MAC addresses are configured, spec is 256 items.
ARP speed-limit for source-IP configuration:
IP-address
-------------------------------------------------------------------------------
All
-------------------------------------------------------------------------------
0 specified IP addresses are configured, spec is 256 items.
ARP miss speed-limit for source-IP configuration:
IP-address
-------------------------------------------------------------------------------
All
-------------------------------------------------------------------------------
0 specified IP addresses are configured, spec is 256 items.
Run the display arp anti-attack configuration arp-speed-limit command, and you can view
the rate limit of ARP packets based on the source address.
<Quidway> display arp anti-attack configuration arp-speed-limit
ARP speed-limit for source-IP configuration:
IP-address
------------------------------------------------------------------------
10.0.0.20
Others
------------------------------------------------------------------------
1 specified IP addresses are configured, spec is 256 items.
Run the display arp anti-attack configuration arpmiss-speed-limit command, and you can
view the rate limit of ARP Miss packets based on the source address.
<Quidway> display arp anti-attack configuration arpmiss-speed-limit
ARP miss speed-limit for source-IP configuration:
IP-address
------------------------------------------------------------------------
10.0.0.30
Others
------------------------------------------------------------------------
1 specified IP addresses are configured, spec is 256 items.
4.5 Configuring ARP Anti-Spoofing
ARP spoofing attacks include ARP entry attack, gateway attack, and man-in-the-middle attack.
The S3700 provides measures to defend against these attacks.
4.5.1 Establishing the Configuration Task
This section describes the applicable scenario, pre-conditions, and data plan for the ARP anti-
spoofing function.
Issue 01 (2011-07-15)
suppress-rate(pps)(rate=0 means function disabled)
0
suppress-rate(pps)(rate=0 means function disabled)
5
suppress-rate(pps)(rate=0 means function disabled)
5
suppress-rate(pps)(rate=0 means function disabled)
400
0
suppress-rate(pps)(rate=0 means function disabled)
400
0
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4 ARP Security Configuration
149
Advertisement
Table of Contents
