HP 6125XLG Configuration Manual page 185
Blade switch security configuration guide
Hide thumbs
Also See for 6125XLG:
- Layer 3 - ip routing configuration manual (492 pages) ,
- Command reference manual (466 pages) ,
- Configuration manual (414 pages)
Table of Contents
Advertisement
Figure 62 Network diagram
ARP attack protection
Host A
Configuration considerations
An attacker may forge a large number of ARP packets by using the MAC address of a valid host as the
source MAC address. To prevent such attacks, configure the gateway in the following steps:
1.
Enable source MAC-based ARP attack detection and specify the handling method as filter.
2.
Set the threshold.
3.
Set the lifetime for ARP attack entries.
4.
Exclude the MAC address of the server from this detection.
Configuration procedure
# Enable source MAC address-based ARP attack detection, and specify the handling method as filter.
<Device> system-view
[Device] arp source-mac filter
# Set the threshold to 30.
[Device] arp source-mac threshold 30
# Set the lifetime for ARP attack entries to 60 seconds.
[Device] arp source-mac aging-time 60
# Exclude MAC address 0012-3f86-e94c from this detection.
[Device] arp source-mac exclude-mac 0012-3f86-e94c
IP network
Gateway
Device
Host B
Host C
176
Server
0012-3f 86-e 94c
Host D
Advertisement
Table of Contents
Troubleshooting
