Arp Attack Protection Configuration; Arp Attack Protection Overview; Arp Attack Protection Configuration Task List - 3Com S7906E Configuration Manual

S7900e family release 6600 series

Hide thumbs Also See for S7906E:

Table of Contents

ARP Attack Protection Configuration

When configuring ARP attack Protection, go to these sections for information you are interested in:

Configuring ARP Defense Against IP Packet Attacks

Configuring ARP Active Acknowledgement

Configuring Source MAC Address Based ARP Attack Detection

Configuring ARP Packet Rate Limit

Configuring ARP Detection

Although ARP is easy to implement, it provides no security mechanism and thus is prone to network

attacks. An attacker can send

ARP packets by acting as a trusted user or gateway. As a result, the receiving device obtains

incorrect ARP entries, and thus a communication failure occurs.

A large number of IP packets with unreachable destinations. As a result, the receiving device

continuously resolves destination IP addresses and thus its CPU is overloaded.

A large number of ARP packets to bring a great impact to the CPU.

For details about ARP attack features and types, refer to ARP Attack Protection Technology White

Currently, ARP attacks and viruses are threatening LAN security. The device can provide multiple

features to detect and prevent such attacks. This chapter mainly introduces these features.

Complete the following tasks to configure ARP attack Protection:

Flood prevention

Configuring ARP Active Acknowledgement

Configuring Source MAC Address Based

ARP Attack Detection

Configuring ARP Packet Rate Limit

Configuring ARP Detection

Configuring ARP

Source Suppression

Enabling ARP Black

Hole Routing