Configuring Interface-Based ARP Entry Restriction - Huawei Quidway S3700 Series Configuration Manual


Quidway S3700 Series Ethernet Switches
Configuration Guide - Security
Procedure
• Configuring strict ARP entry learning globally
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     arp learning strict
     Strict ARP learning is enabled.
     By default, strict ARP learning is enabled on the S3700.
• Configuring strict ARP entry learning on a VLANIF interface
  1. Run:
     system-view
     The system view is displayed.
  2. Run:
     interface vlanif interface-number
     The VLANIF interface view is displayed.
  3. Run:
     arp learning strict { force-enable | force-disable | trust }
     The strict ARP entry learning function is enabled on the VLANIF interface.
     – force-enable: enables strict ARP entry learning on a VLANIF interface.
     – force-disable: disables strict ARP entry learning on a VLANIF interface.
     – trust: indicates that the configuration of strict ARP entry learning on a VLANIF interface is the same as that configured globally.
     By default, the configuration of strict ARP entry learning on a VLANIF interface is the same as that configured globally.
----End

4.5.3 Configuring Interface-based ARP Entry Restriction

Context
If attackers occupy a large number of ARP entries, the S3700 cannot learn ARP entries of authorized users. To prevent such attacks, you can set the maximum number of ARP entries that can be dynamically learned by an interface.

Procedure
• Configuring interface-based ARP entry restriction on the interface
  1. Run:
     system-view
     The system view is displayed.
  2. Run:

Issue 01 (2011-07-15)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4 ARP Security Configuration
152
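
An added example, not part of the Huawei manual: a Python audit that resolves the effective strict ARP learning state of each VLANIF interface from a saved configuration, following the global setting and the force-enable / force-disable / trust semantics described above. The sample configuration is constructed; its stanza layout (`#` separators, `interface Vlanif10`) and the `undo` form of the global command are assumptions.

```python
import re

CMD = "arp learning strict"
MODES = ("force-enable", "force-disable", "trust")

# Constructed sample; the '#'-separated stanza layout is an assumption.
SAMPLE_CONFIG = """\
#
arp learning strict
#
interface Vlanif10
#
interface Vlanif20
 arp learning strict force-disable
#
interface Vlanif30
 arp learning strict trust
#
"""

def effective_strict_arp(config, global_default=True):
    """Map each VLANIF to (configured mode, effective strict-learning state).
    global_default=True follows the manual's stated S3700 default."""
    global_on, per_if, current = global_default, {}, None
    for raw in config.splitlines():
        line = raw.strip().lower()
        m = re.fullmatch(r"interface\s+vlanif\s*(\d+)", line)
        if m:
            current = "Vlanif" + m.group(1)
            per_if[current] = "trust"      # VLANIF default: same as global
        elif line == "#" or line.startswith("interface "):
            current = None                 # stanza ended or non-VLANIF interface
        elif current is None and line == CMD:
            global_on = True
        elif current is None and line == "undo " + CMD:  # assumed negation form
            global_on = False
        elif current and line.startswith(CMD + " "):
            mode = line[len(CMD):].strip()
            if mode in MODES:
                per_if[current] = mode
    # The global state is only final once the whole file has been read.
    resolve = {"force-enable": True, "force-disable": False, "trust": global_on}
    return {name: (mode, resolve[mode]) for name, mode in per_if.items()}

def unprotected_vlanifs(config, global_default=True):
    """VLANIF interfaces on which strict ARP learning is effectively off."""
    state = effective_strict_arp(config, global_default)
    return sorted(name for name, (_, on) in state.items() if not on)
```
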
