H3C Low-End Ethernet Switches Configuration Examples
ARP Attack Prevention
2.2.2 Network Diagram
Figure 2-3 Network diagram for ARP attack prevention in authentication mode
2.2.3 Configuration Considerations
Install 802.1x client software on the hosts so that the hosts need to pass 802.1x
authentications before accessing the network.
Configure 802.1x and AAA on Switch A and Switch B.
Configure the gateway's IP-to-MAC binding on the CAMS server which will
provide the binding to clients for preventing gateway spoofing attacks.
2.2.4 Configuration Procedures
I. Configure Switch A
# Create VLAN 10, and add Ethernet 1/0/1 through Ethernet 1/0/3 into VLAN 10.
<SwitchA> system-view
[SwitchA] vlan 10
[SwitchA-vlan10] port Ethernet 1/0/1 to Ethernet 1/0/3
[SwitchA-vlan10] quit
# Configure RADIUS scheme cams and specify a primary authentication server.
[SwitchA] radius scheme cams
[SwitchA-radius-cams] primary authentication 10.10.1.1
[SwitchA-radius-cams] accounting optional
Chapter 2 Configuration Examples
2-8