Arp/Ip Attack Defense Configuration Example Iii; Network Requirements; Network Diagram; Configuration Procedures - 3Com 4210 9-Port Configuration Manual
Switch 4210 family
Hide thumbs
Also See for 4210 9-Port:
- Configuration manual (567 pages) ,
- Getting started (80 pages) ,
- Datasheet (8 pages)
Table of Contents
Advertisement
# Configure the maximum number of ARP entries that can be learned by VLAN-interface 1 as 500.
[SwitchA-Vlan-interface1] arp max-learning-num 500
[SwitchA-Vlan-interface1] quit
ARP/IP Attack Defense Configuration Example III
Network Requirements
Host A is assigned with an IP address statically and installed with an 802.1x client.
A CAMS authentication, authorization and accounting server serves as the authentication server.
Enable ARP attack detection and IP filtering based on bindings of authenticated 802.1x clients on
the switch to prevent ARP attacks.
Network Diagram
Figure 1-4 Network diagram for 802.1x based ARP/IP attack defense
Configuration Procedures
# Enter system view.
<Switch> system-view
# Enable 802.1x authentication globally.
[Switch] dot1x
# Enable ARP attack detection for VLAN 1.
[Switch] vlan 1
[Switch-vlan1] arp detection enable
[Switch-vlan1] quit
# Configure Ethernet 1/0/2 and Ethernet 1/0/3 as ARP trusted ports.
[Switch] interface Ethernet1/0/2
[Switch-Ethernet1/0/2] arp detection trust
[Switch-Ethernet1/0/2] quit
[Switch] interface Ethernet1/0/3
[Switch-Ethernet1/0/3] arp detection trust
[Switch-Ethernet1/0/3] quit
# Enable using IP-MAC bindings of authenticated 802.1x clients for ARP attack detection.
[Switch] ip source static import dot1x
7
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
Need help?
Do you have a question about the 4210 9-Port and is the answer not in the manual?
Questions and answers