Source Mac Address-Based Arp Attack Detection Configuration Example - HP A5830 Series Configuration Manual


Source MAC address-based ARP attack detection configuration example
Network requirements
As shown in Figure 74, the hosts access the Internet through a gateway (Device). If malicious users send a large number of ARP requests to the gateway, the gateway may crash and become unable to process requests from the clients. To solve this problem, configure source MAC address-based ARP attack detection on the gateway.
Figure 74 Network diagram for configuring source MAC address-based ARP attack detection
(Diagram labels: Host A, Host B, Host C, Host D, Server 0012-3f86-e94c, Gateway (Device), IP network, ARP attack protection)
Configuration considerations
An attacker may forge a large number of ARP packets by using the MAC address of a valid host as the source MAC address. To prevent such attacks, configure the gateway as follows:
1. Enable source MAC address-based ARP attack detection, and specify the filter mode.
2. Set the threshold.
3. Set the age timer for detection entries.
4. Configure the MAC address of the server as a protected MAC address so that it can send ARP packets.
Configuration procedure
# Enable source MAC address-based ARP attack detection, and specify the filter mode.
<Device> system-view
[Device] arp anti-attack source-mac filter
# Set the threshold to 30.
[Device] arp anti-attack source-mac threshold 30
# Set the age timer for detection entries to 60 seconds.
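To show how the four settings in the configuration considerations interact, the following added example (not from the HP manual and not device code) models a gateway applying the threshold, the age timer, the filter mode and the protected MAC address to incoming ARP packets. The values 30, 60 and 0012-3f86-e94c come from this page; the 5-second counting window, the rule that only packets after the triggering one are filtered, the class and function names and the two other host MAC addresses are assumptions.

```python
from collections import defaultdict, deque

WINDOW = 5.0  # counting interval in seconds: assumed, the page does not state it

class SourceMacArpDetector:
    """Simplified model of the gateway behaviour, not device code."""

    def __init__(self, threshold=30, aging_time=60, protected=(), mode="filter"):
        self.threshold = threshold
        self.aging_time = aging_time
        self.protected = set(protected)
        self.mode = mode                  # "filter" drops, "monitor" only logs
        self.recent = defaultdict(deque)  # source MAC -> timestamps inside WINDOW
        self.entries = {}                 # source MAC -> expiry of detection entry

    def receive(self, ts, mac):
        """Return 'forward', 'drop' or 'log' for one ARP packet seen at ts."""
        if mac in self.protected:         # protected MACs are never counted
            return "forward"
        expiry = self.entries.get(mac)
        if expiry is not None:
            if ts < expiry:               # live entry: act according to the mode
                return "drop" if self.mode == "filter" else "log"
            del self.entries[mac]         # age timer expired, start counting again
            self.recent[mac].clear()
        seen = self.recent[mac]
        seen.append(ts)
        while ts - seen[0] >= WINDOW:     # discard packets older than the window
            seen.popleft()
        if len(seen) > self.threshold:    # threshold exceeded: create an entry
            self.entries[mac] = ts + self.aging_time
        return "forward"                  # assumed: only later packets are filtered

def run_constructed_trace():
    """Constructed trace: a flooding host, the protected server, a quiet host."""
    server, flood, quiet = "0012-3f86-e94c", "0000-5e00-5301", "0000-5e00-5302"
    det = SourceMacArpDetector(30, 60, protected=[server])
    out = {"flood": [], "server": [], "quiet": []}
    for i in range(40):                   # 40 ARP packets per sender in 2 seconds
        out["flood"].append(det.receive(i * 0.05, flood))
        out["server"].append(det.receive(i * 0.05, server))
    out["quiet"].append(det.receive(2.0, quiet))
    out["flood"].append(det.receive(30.0, flood))  # entry still live
    out["flood"].append(det.receive(62.0, flood))  # entry aged out after 60 s
    return out

if __name__ == "__main__":
    print({k: (v.count("forward"), v.count("drop")) for k, v in run_constructed_trace().items()})
```

Without the protected entry, the server's 40 packets would trip the same threshold as the flooding host, which is why step 4 exempts its MAC address.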
