Configuring ARP Defense Against IP Packet Attacks; Configuring ARP Source Suppression - HP 4800G Series Configuration Manual

Configuring ARP Defense Against IP Packet Attacks

Introduction
If a device receives large numbers of IP packets from a host to unreachable destinations:
- The device sends large numbers of ARP requests to the destination subnets, which increases the load of the destination subnets.
- The device keeps trying to resolve destination IP addresses, which increases the load of the CPU.
To protect the device from IP packet attacks, you can enable the ARP source suppression function or
ARP black hole routing function.
If the packets have the same source address, you can enable the ARP source suppression function.
With the function enabled, whenever the number of ARP requests triggered by the packets with
unresolvable destination IP addresses from a host within five seconds exceeds a specified threshold,
the device suppresses the sending host from triggering any ARP requests within the following five
seconds.
If the packets have various source addresses, you can enable the ARP black hole routing function. After
receiving an IP packet whose destination IP address cannot be resolved by ARP, the device with this
function enabled immediately creates a black hole route and simply drops all packets matching the
route during the aging time of the black hole route.
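
The following model is an added example, not code from the manual or the device firmware. It replays constructed traffic through the two behaviours described above to show why source suppression fits a single-source flood while black hole routing fits varied source addresses. Assumptions: fixed five-second windows, the packet that exceeds the limit is itself dropped, and a 25-second aging time (the page does not state one); all addresses are constructed.

```python
from dataclasses import dataclass, field

WINDOW_MS = 5000  # the five-second interval stated in the manual

@dataclass
class SourceSuppression:
    limit: int = 10  # the manual's default threshold
    state: dict = field(default_factory=dict)  # src -> (window_start, count, suppressed_until)

    def allow(self, src, now):
        start, count, until = self.state.get(src, (now, 0, 0))
        if now < until:
            return False                # host is inside its suppression period
        if now - start >= WINDOW_MS:
            start, count = now, 0       # assumption: fixed window, restarted once it expires
        count += 1
        if count > self.limit:          # assumption: the packet exceeding the limit is dropped too
            self.state[src] = (now, 0, now + WINDOW_MS)
            return False
        self.state[src] = (start, count, until)
        return True

@dataclass
class BlackHoleRouting:
    aging_ms: int  # aging time is not stated on the page; the caller supplies it
    routes: dict = field(default_factory=dict)  # dst -> route expiry time

    def allow(self, dst, now):
        if self.routes.get(dst, 0) > now:
            return False                # matches a live black hole route: dropped
        self.routes[dst] = now + self.aging_ms  # first unresolvable packet creates the route
        return True

def arp_requests(packets, suppression=None, blackhole=None):
    """Count ARP requests triggered by (time_ms, src, dst) packets to unresolvable destinations."""
    sent = 0
    for now, src, dst in packets:
        if blackhole is not None and not blackhole.allow(dst, now):
            continue
        if suppression is not None and not suppression.allow(src, now):
            continue
        sent += 1
    return sent

def traffic(varied_sources):
    """Constructed sample: 100 packets in 10 s, cycling over four unresolvable destinations."""
    return [(i * 100, f"203.0.113.{i + 1}" if varied_sources else "192.0.2.10",
             f"198.51.100.{i % 4 + 1}") for i in range(100)]
```

With the default limit of 10, the single-source flood drops from 100 ARP requests to 20, while the varied-source traffic still triggers all 100. With black hole routing, either traffic pattern triggers only 4, one per unresolvable destination.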

Configuring ARP Source Suppression

Follow these steps to configure ARP source suppression:

| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enable ARP source suppression | arp source-suppression enable | Required. Disabled by default. |
| Set the maximum number of packets with the same source IP address but unresolvable destination IP addresses that the device can receive in five consecutive seconds | arp source-suppression limit limit-value | Optional. 10 by default. |

| Task | Remarks |
|---|---|
| User and gateway spoofing prevention: | |
| Configuring ARP Packet Source MAC Address Consistency Check | Optional. Configure this function on gateways (recommended). |
| Configuring ARP Active Acknowledgement | Optional. Configure this function on gateways (recommended). |
| Configuring ARP Detection | Optional. Configure this function on access devices (recommended). |
