Enabling Arp Source Mac Address Consistency Check; Arp Attack Defense Configuration Example I; Network Requirements; Network Diagram - 3Com 4210 9-Port Configuration Manual
Switch 4210 family
Hide thumbs
Also See for 4210 9-Port:
- Configuration manual (567 pages) ,
- Getting started (80 pages) ,
- Datasheet (8 pages)
Table of Contents
Advertisement
If they are consistent, the packet passes the check and the switch learns the ARP entry.
If they are not consistent, the ARP packet is considered invalid and the corresponding ARP entry is
not learned.
Enabling ARP Source MAC Address Consistency Check
To do...
Enter system view
Enable ARP source MAC
address consistency check
ARP Attack Defense Configuration Example I
Network Requirements
Host A and Host B are connected to Gateway through an access switch (Switch). The IP and MAC
addresses of Gateway are 192.168.100.1/24 and 000D-88F8-528C. To prevent gateway spoofing
attacks from Host A and Host B, configure ARP packet filtering based on the gateway's IP and MAC
addresses on Switch.
Network Diagram
Figure 1-2 Network diagram for ARP attack defense I
Gateway
Eth1/0/2
Switch
Host A
Configuration Procedures
# Enter system view.
<Switch> system-view
# Configure ARP packet filtering based on the gateway's IP and MAC addresses on Ethernet 1/0/1.
[Switch] interface Ethernet 1/0/1
[Switch-Ethernet1/0/1] arp filter binding 192.168.100.1 000d-88f8-528c
[Switch-Ethernet1/0/1] quit
Use the command...
system-view
arp anti-attack valid-check
enable
Vlan-int 1
192.168.100.1/24
MAC:000D-88F8-528C
Eth1/0/1
Eth1/0/3
Host B
—
Required
Disabled by default.
5
Remarks
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
Need help?
Do you have a question about the 4210 9-Port and is the answer not in the manual?