Software Versions Used; Procedures; Verifying The Configuration - H3C S12500R Series Configuration Examples

Switch router attack protection configuration examples

Figure 2 Network diagram

Software versions used

This configuration example was created and verified on Release 3606.

Procedures

# Specify IP addresses for interfaces. (Details not shown.)
# Enable ARP source suppression.
<Device> system-view
[Device] arp source-suppression enable
# Configure the device to accept a maximum of 8 unresolvable packets per source IP address in 5 seconds.
[Device] arp source-suppression limit 8
# Enable ARP black hole routing to prevent unresolvable IP packet attacks.
[Device] arp resolving-route enable
# Enable ARP active acknowledgment to prevent user spoofing.
[Device] arp active-ack enable
# Configure source MAC-based ARP attack detection to prevent ARP packet attacks from the same source MAC.
[Device] arp source-mac filter
[Device] arp source-mac threshold 25
# Enable ARP packet source MAC address consistency check to prevent attacks from ARP packets with different source MAC addresses in the Ethernet header and in the message body.
[Device] arp valid-check enable
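
The consistency check enabled by arp valid-check enable compares two fields of the same frame: the source MAC in the Ethernet header and the sender MAC in the ARP body. The following Python sketch is an added illustration, not H3C code or device output; it parses constructed sample frames and reports whether the two addresses agree. The function names and all sample MAC and IP addresses are assumptions made for the example.

```python
import struct

ETHERTYPE_ARP = 0x0806
ETHERTYPE_VLAN = 0x8100  # 802.1Q tag: the real EtherType follows 4 bytes later

def check_arp_frame(frame: bytes) -> dict:
    """Return both MACs of an ARP frame and whether they agree."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    eth_src = frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if ethertype == ETHERTYPE_VLAN:  # skip a single VLAN tag
        if len(frame) < 18:
            raise ValueError("truncated VLAN tag")
        (ethertype,) = struct.unpack("!H", frame[16:18])
        offset = 18
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    if len(frame) < offset + 28:
        raise ValueError("truncated ARP body")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[offset:offset + 28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {
        "eth_src": eth_src.hex(":"),
        "arp_sender_mac": sha.hex(":"),
        "sender_ip": ".".join(str(b) for b in spa),
        "consistent": eth_src == sha,  # the comparison the check relies on
    }

def build_arp_request(eth_src: bytes, sender_mac: bytes,
                      sender_ip: bytes, target_ip: bytes) -> bytes:
    """Constructed sample input: an ARP request as raw bytes (never sent)."""
    eth = struct.pack("!6s6sH", b"\xff" * 6, eth_src, ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1,
                      sender_mac, sender_ip, b"\x00" * 6, target_ip)
    return eth + arp

if __name__ == "__main__":
    host = bytes.fromhex("020000000001")   # constructed MACs and IPs
    other = bytes.fromhex("020000000099")
    ip, gw = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1])
    for frame in (build_arp_request(host, host, ip, gw),
                  build_arp_request(host, other, ip, gw)):
        print(check_arp_frame(frame))
```
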

Verifying the configuration

1. Verify that ARP attack protection functions on the device:
# Send ARP attack packets to the device. (Details not shown.)
