Configuration Examples; Example For Configuring Arp Security Functions - Huawei Quidway S3700 Series Configuration Manual

Quidway S3700 Series Ethernet Switches
Configuration Guide - Security
The interval for sending an ARP alarm an log is set for potential attacks.
The log and alarm functions for potential attacks take effect for all the ARP packets.
time specifies the interval for writing an ARP log and sending an alarm. By default, the value is
0, indicating that log and alarm functions are disabled.
----End

4.7 Configuration Examples

This section provides several configuration examples of ARP security.

4.7.1 Example for Configuring ARP Security Functions

Networking Requirements
As shown in
connected to four users in VLAN 10 and VLAN 20 through Ethernet 0/0/1 and Ethernet 0/0/2.
There are the following ARP attacks on the network:
l
l
l
l
It is required that ARP security functions be configured on the Switch to prevent the preceding
attacks. The suppression rate of ARP Miss packets set on the server should be greater than the
suppression rate of other users.
Issue 01 (2011-07-15)
Figure 4-1, the Switch is connected to a server through Ethernet 0/0/3 and is
The server may send several packets with an unreachable destination IP address, and the
number of these packets is larger than the number of packets from common users.
After virus attacks occur on User 1, a large number of ARP packets are sent. Among these
packets, the source IP address of certain ARP packets changes on the local network segment
and the source IP address of certain ARP packets is the same as the IP address of the
gateway.
User 3 constructs a large number of ARP packets with a fixed IP address to attack the
network.
User 4 constructs a large number of ARP packets with an unreachable destination IP address
to attack the network.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4 ARP Security Configuration
160