Preventing the ARP Address Spoofing Attack; Preventing the ARP Gateway Duplicate Attack - Huawei Quidway S3700 Series Configuration Manual


Quidway S3700 Series Ethernet Switches
Configuration Guide - Security

4.5.4 Preventing the ARP Address Spoofing Attack

Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
arp anti-attack entry-check { fixed-mac | fixed-all | send-ack } enable
The ARP anti-spoofing function is enabled.
You can use only one ARP anti-spoofing mode. If an ARP anti-spoofing mode is already used,
the latest configuration overrides the previous configuration.
By default, the ARP anti-spoofing function is disabled on the S3700.
----End

4.5.5 Preventing the ARP Gateway Duplicate Attack

Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
arp anti-attack gateway-duplicate enable
The ARP anti-attack function for preventing ARP packets with the bogus gateway address is enabled.
After the ARP gateway-duplicate anti-attack function is enabled, the S3700 generates ARP anti-attack entries and discards the packets with the same source MAC address in the Ethernet header
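The gateway-duplicate check described in 4.5.5 can be modelled offline as follows. This is an added example, not Huawei code: the function names, the sample frames, the 192.0.2.0/24 addresses and the `hold_seconds` entry lifetime are assumptions made for illustration, and the model evaluates ARP frames only.

```python
import socket
import struct

ETH_ARP = 0x0806

def build_arp(eth_src, sender_ip, target_ip, op=2):
    """Build a constructed Ethernet+ARP frame (test data only, never sent)."""
    mac = bytes.fromhex(eth_src.replace(":", ""))
    eth = b"\xff" * 6 + mac + struct.pack("!H", ETH_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += mac + socket.inet_aton(sender_ip)
    arp += b"\x00" * 6 + socket.inet_aton(target_ip)
    return eth + arp

def parse_arp(frame):
    """Return (eth_src_mac, arp_sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    hw = struct.unpack("!HHBB", frame[14:20])
    if ethertype != ETH_ARP or hw != (1, 0x0800, 6, 4):
        return None
    # Ethernet source MAC is bytes 6..11; ARP sender IP is bytes 28..31.
    return frame[6:12].hex(":"), socket.inet_ntoa(frame[28:32])

def filter_frames(frames, gateway_ip, hold_seconds=180):
    """Model of the check: hold_seconds is an assumed entry lifetime."""
    entries = {}    # anti-attack entries: Ethernet source MAC -> expiry time
    verdicts = []
    for ts, frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            verdicts.append((ts, "not-arp"))
            continue
        eth_src, sender_ip = parsed
        if entries.get(eth_src, 0) > ts:
            # Source MAC already has a live anti-attack entry.
            verdicts.append((ts, "drop:anti-attack-entry"))
        elif sender_ip == gateway_ip:
            # A host claims the gateway's own address: record it and drop.
            entries[eth_src] = ts + hold_seconds
            verdicts.append((ts, "drop:gateway-duplicate"))
        else:
            verdicts.append((ts, "forward"))
    return verdicts, entries

# Constructed sample traffic: (timestamp in seconds, raw frame).
SAMPLE = [
    (0, build_arp("00:11:22:33:44:55", "192.0.2.20", "192.0.2.1")),
    (1, build_arp("02:00:00:00:00:01", "192.0.2.1", "192.0.2.20")),
    (2, build_arp("02:00:00:00:00:01", "192.0.2.66", "192.0.2.20")),
    (200, build_arp("02:00:00:00:00:01", "192.0.2.66", "192.0.2.20")),
]
```

The third frame is dropped even though it no longer claims the gateway address, because the drop decision is keyed on the Ethernet source MAC recorded in the entry; the fourth is forwarded once the assumed lifetime has passed.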
Issue 01 (2011-07-15)
interface interface-type interface-number
The interface view is displayed.
3.
On the non-VLANIF interface, run:
arp-limit [ vlan vlan-id1 [ to vlan-id2 ]] maximum maximum
Interface-based ARP entry restriction is configured on the interface.
On the VLANIF interface, run:
arp-limit maximum maximum
Interface-based ARP entry restriction is configured on the interface.
On the non-VLANIF interface, vlan vlan-id1 must be specified.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4 ARP Security Configuration
