Arp/Ip Attack Defense Configuration Example Iii - H3C S3100 Series Operation Manual

H3C S3100 Series Ethernet Switches Operation Manual

[SwitchA-Vlan-interface1] arp max-learning-num 500
[SwitchA-Vlan-interface1] quit

ARP/IP Attack Defense Configuration Example III

Network Requirements
Host A is statically assigned an IP address and has an 802.1x client installed.
A CAMS authentication, authorization and accounting server serves as the authentication server.
Enable ARP attack detection and IP filtering on the switch, based on the bindings of authenticated 802.1x clients, to prevent ARP attacks.
Network Diagram
Figure 1-4 Network diagram for 802.1x based ARP/IP attack defense
Configuration Procedures
# Enter system view.
<Switch> system-view
# Enable 802.1x authentication globally.
[Switch] dot1x
# Enable ARP attack detection for VLAN 1.
[Switch] vlan 1
[Switch-vlan1] arp detection enable
[Switch-vlan1] quit
# Configure Ethernet 1/0/2 and Ethernet 1/0/3 as ARP trusted ports.
[Switch] interface Ethernet1/0/2
[Switch-Ethernet1/0/2] arp detection trust
[Switch-Ethernet1/0/2] quit
[Switch] interface Ethernet1/0/3
[Switch-Ethernet1/0/3] arp detection trust
[Switch-Ethernet1/0/3] quit
# Enable using IP-MAC bindings of authenticated 802.1x clients for ARP attack detection.
[Switch] ip source static import dot1x
# Enable 802.1x on Ethernet 1/0/1.
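
The check that this procedure enables can be modelled as follows. This Python model is an added example, not part of the H3C manual and not H3C's implementation; it assumes each imported 802.1x binding records port, VLAN, IP and MAC, and every address in it is a constructed sample value.

```python
import struct
from ipaddress import IPv4Address

# Ports taken from the procedure above; addresses are constructed samples.
TRUSTED_PORTS = {"Ethernet1/0/2", "Ethernet1/0/3"}
HOST_A = ("192.0.2.10", "00:00:5e:00:53:0a")
GATEWAY_IP = "192.0.2.1"
# Assumption: one binding per authenticated 802.1x client (port, VLAN, IP, MAC).
BINDINGS = {("Ethernet1/0/1", 1, HOST_A[0], HOST_A[1])}

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Pack a 28-byte Ethernet/IPv4 ARP payload (RFC 826 layout)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                       mac(sender_mac), IPv4Address(sender_ip).packed,
                       mac(target_mac), IPv4Address(target_ip).packed)

def parse_sender(arp):
    """Return (sender_ip, sender_mac), or None if the payload is not valid ARP."""
    if len(arp) < 28:
        return None
    htype, ptype, hlen, plen, op, sha, spa = struct.unpack("!HHBBH6s4s", arp[:18])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (1, 2):
        return None
    return str(IPv4Address(spa)), sha.hex(":")

def arp_verdict(port, vlan, arp):
    """Model of ARP detection: trusted ports bypass, others must match a binding."""
    if port in TRUSTED_PORTS:
        return "forward"
    sender = parse_sender(arp)
    if sender is None:
        return "drop"  # malformed ARP cannot match any binding
    ip, mac = sender
    return "forward" if (port, vlan, ip, mac) in BINDINGS else "drop"

ZERO_MAC = "00:00:00:00:00:00"
# Host A asking for the gateway with its own, bound, IP and MAC.
LEGIT = build_arp(1, HOST_A[1], HOST_A[0], ZERO_MAC, GATEWAY_IP)
# A reply from Host A's port that claims the gateway's IP for Host A's MAC.
FORGED = build_arp(2, HOST_A[1], GATEWAY_IP, ZERO_MAC, HOST_A[0])

if __name__ == "__main__":
    for name, port, pkt in [("legit", "Ethernet1/0/1", LEGIT),
                            ("forged", "Ethernet1/0/1", FORGED),
                            ("forged via trusted", "Ethernet1/0/2", FORGED),
                            ("truncated", "Ethernet1/0/1", LEGIT[:20])]:
        print(f"{name:20} {port:15} -> {arp_verdict(port, 1, pkt)}")
```

The third case shows why `arp detection trust` should be limited to ports where forged ARP is not expected: a trusted port bypasses the binding check entirely.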