Maintenance; Configuring Anti-Arp Attack; Preparing For Configurations; Configuring Arp - Raisecom ISCOM2600G-HI (A) Series Configuration Manual

Raisecom
ISCOM2600G-HI (A) Series Configuration Guide
1

10.10.4 Maintenance

Maintain the ISCOM2600G-HI series switch as below.
Raisecom(config)#clear cpu-protect car { arp | bpdu |
dhcp | global | icmp | igmp | lldp | mld | stp }
statistics

10.11 Configuring anti-ARP attack

10.11.1 Preparing for configurations

Scenario
ARP is simple and easy to use, but vulnerable to attacks due to no security mechanism.
Attackers can forge ARP packets from users or gateways. When they send excessive IP
packets, whose IP addresses cannot be resolved, to the ISCOM2600G-HI series switch, they
will cause the following harms:


To prevent theses harms due to attacks on IP packets, the ISCOM2600G-HI series switch
supports anti-ARP attack.
Prerequisite
N/A

10.11.2 Configuring ARP

Configure ARP for the ISCOM2600G-HI series switch as below.
Step
1
2
No.
Raisecom#show cpu-protect car statistics
interface-type interface-number
[
The ISCOM2600G-HI series switch sends excessive ARP request packets to the
destination network segment, so this network segment is overburdened.
The ISCOM2600G-HI series switch repeatedly resolve destination IP addresses, so the
CPU is overburdened.
Command
Raisecom#config
Raisecom(config)#interface vlan
vlan-id
Raisecom Proprietary and Confidential
Copyright © Raisecom Technology Co., Ltd.
Command
Command
Description
Show CPU CAR
] [ dynamic ]
statistics.
Description
Clear global CPU
CAR statistics.
Description
Enter global configuration mode.
Enter VLAN interface configuration
mode.
10 Security
453