Configuration example, Network requirements, Configuration considerations – H3C Technologies H3C S6300 Series Switches User Manual

Page 342

327

Displaying and maintaining source MAC-based ARP attack
detection

Execute display commands in any view.

Task Command

Display ARP attack entries detected by source
MAC-based ARP attack detection.

display arp source-mac { slot slot-number | interface
interface-type interface-number }

Configuration example

Network requirements

As shown in

Figure 108

, the hosts access the Internet through a gateway (Device). If malicious users send

a large number of ARP requests to the gateway, the gateway might crash and cannot process requests

from the clients. To solve this problem, configure source MAC-based ARP attack detection on the

gateway.

Figure 108 Network diagram

Configuration considerations

An attacker might forge a large number of ARP packets by using the MAC address of a valid host as the
source MAC address. To prevent such attacks, configure the gateway in the following steps:

Enable source MAC-based ARP attack detection and specify the handling method as filter.

Set the threshold.

IP network

Gateway

Device

Host A

Host B

Host C

Host D

ARP attack protection

Server

0012-3f 86-e 94c

This manual is related to the following products:

H3C S5820V2 Series Switches H3C S5830 Series Switches H3C S5830V2 Series Switches H3C S3600V2 Series Switches