Configuration Procedure; Configuration Example - H3C S5120-HI Security Configuration Manual
Hide thumbs
Also See for S5120-HI:
- Installation manual (76 pages) ,
- Configuration manual (20 pages) ,
- Compliance and safety manual (20 pages)
Table of Contents
Advertisement
Configuration procedure
To configure ARP gateway protection:
Step
1.
Enter system view.
2.
Enter Layer 2 Ethernet interface
view/Layer 2 aggregate interface view.
3.
Enable ARP gateway protection for a
specific gateway.
Configuration example
Network requirements
As shown in
Switch B intends to send to Switch A is sent to Host B.
Configure Switch B to block such attacks.
Figure 94 Network diagram
Configuration procedure
# Configure ARP gateway protection on Switch B.
<SwitchB> system-view
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] arp filter source 10.1.1.1
[SwitchB-GigabitEthernet1/0/1] quit
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] arp filter source 10.1.1.1
After the configuration is complete, Switch B will discard the ARP packets whose source IP address is that
of the gateway.
Figure
94, Host B launches gateway spoofing attacks to Switch B. As a result, traffic that
Command
system-view
interface interface-type
interface-number
arp filter source ip-address
336
Remarks
N/A
N/A
Disabled by default
Advertisement
Table of Contents
Troubleshooting
