Arp Attack Defense Configuration Example Iii - H3C S5600 Series Operation Manual

ARP Attack Defense Configuration Example II
Network Requirements
As shown in Figure
(Switch). The IP and MAC addresses of Gateway are 192.168.100.1/24 and 000D-88F8-528C. To
prevent gateway spoofing attacks from Host A and Host B, configure ARP packet filtering based on the
gateway's IP and MAC addresses on Switch.
Network Diagram
Figure 2-4 Network diagram for defense against gateway spoofing
Configuration Procedures
# Enter system view.
<Switch> system-view
# Configure ARP packet filtering based on the gateway's IP and MAC addresses on GigabitEthernet
1/0/1.
[Switch] interface GigabitEthernet 1/0/1
[Switch-GigabitEthernet1/0/1] arp filter binding 192.168.100.1 000d-88f8-528c
[Switch-GigabitEthernet1/0/1] quit
# Configure ARP packet filtering based on the gateway's IP address on GigabitEthernet 1/0/2.
[Switch] interface GigabitEthernet 1/0/2
[Switch-GigabitEthernet1/0/2] arp filter source 192.168.100.1
[Switch-GigabitEthernet1/0/2] quit
# Configure ARP packet filtering based on the gateway's IP address on GigabitEthernet 1/0/3.
[Switch] interface GigabitEthernet 1/0/3
[Switch-GigabitEthernet1/0/3] arp filter source 192.168.100.1
[Switch-GigabitEthernet1/0/3] quit

ARP Attack Defense Configuration Example III

Network Requirements
As shown in Figure
switch (Switch B). To prevent ARP attacks such as ARP flooding:
2-4, Host A and Host B are connected to Gateway through an access switch
2-5, Host A and Host B are connected to Gateway (Switch A) through a Layer 2
2-10