Configuration example, Network requirements, Configuration considerations – H3C Technologies H3C S6300 Series Switches User Manual
Displaying and maintaining unresolvable IP attack protection
Execute display commands in any view.
Task: Display ARP source suppression configuration information.
Command: display arp source-suppression
Configuration example
Network requirements
As shown in Figure 107, a LAN contains two areas: an R&D area in VLAN 10 and an office area in VLAN 20. Each area connects to the gateway (Device) through an access switch.
A large number of ARP requests are detected in the office area and are considered to be the result of an unresolvable IP attack. To prevent the attack, configure ARP source suppression or ARP blackhole routing.
Figure 107 Network diagram
Configuration considerations
If the attack packets have the same source address, configure the ARP source suppression feature as follows:
1. Enable ARP source suppression.
2. Set the threshold to 100. If the number of unresolvable IP packets received from a host within 5 seconds exceeds 100, the device stops resolving packets from the host until the 5 seconds elapse.
If the attack packets have different source addresses, enable the ARP blackhole routing feature on the
gateway.
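
The following Python model is an added illustration, not H3C code and not part of the manual. It applies the per-source counting rule described above (threshold 100, 5-second interval) to constructed traffic samples and shows why a flood from one source is suppressed while the same volume spread across many source addresses is not. The fixed 5-second buckets, the aggregate-volume check, the function names and the 192.0.2.x addresses are assumptions made for the example.

```python
from collections import Counter

WINDOW_S = 5     # interval stated in the manual
THRESHOLD = 100  # threshold used in this configuration example

def _bucket(ts, window):
    # Assumption: the 5-second interval is modelled as fixed, aligned buckets.
    return int(ts // window)

def simulate_source_suppression(packets, threshold=THRESHOLD, window=WINDOW_S):
    """packets: list of (timestamp_seconds, source_ip) for packets whose
    destination IP cannot be resolved. Returns (resolved, suppressed)."""
    counts = Counter()
    resolved = suppressed = 0
    for ts, src in packets:
        key = (src, _bucket(ts, window))
        counts[key] += 1
        if counts[key] > threshold:
            suppressed += 1  # host exceeded the threshold in this interval
        else:
            resolved += 1    # gateway still attempts ARP resolution
    return resolved, suppressed

def recommend_feature(packets, threshold=THRESHOLD, window=WINDOW_S):
    """Mirror the configuration considerations: one heavy source calls for
    source suppression; heavy volume with no heavy source calls for blackhole
    routing. Using the same threshold for aggregate volume is an assumption."""
    per_source = Counter((src, _bucket(ts, window)) for ts, src in packets)
    per_window = Counter(_bucket(ts, window) for ts, _ in packets)
    if any(n > threshold for n in per_source.values()):
        return "source-suppression"
    if any(n > threshold for n in per_window.values()):
        return "blackhole-routing"
    return "none"

# Constructed samples: 300 unresolvable-IP packets within about 3 seconds.
SAME_SOURCE = [(i * 0.01, "192.0.2.5") for i in range(300)]
MANY_SOURCES = [(i * 0.01, f"192.0.2.{i % 250 + 1}") for i in range(300)]

if __name__ == "__main__":
    for name, sample in (("same source", SAME_SOURCE), ("many sources", MANY_SOURCES)):
        print(name, simulate_source_suppression(sample), recommend_feature(sample))
```
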