beautypg.com

Arp attack defense configuration example ii, Network requirements, Network diagram – H3C Technologies H3C S3600 Series Switches User Manual

Page 611: Configuration procedures

background image

2-10

ARP Attack Defense Configuration Example II

Network Requirements

As shown in

Figure 2-4

, Host A and Host B are connected to Gateway through an access switch

(Switch). The IP and MAC addresses of Gateway are 192.168.100.1/24 and 000D-88F8-528C. To

prevent gateway spoofing attacks from Host A and Host B, configure ARP packet filtering based on the

gateway’s IP and MAC addresses on Switch.

Network Diagram

Figure 2-4 Network diagram for defense against gateway spoofing

Eth1/0/1

Eth1/0/2

Eth1/0/3

Switch

Vlan-int 1
192.168.100.1/24
MAC:000D-88F8-528C

Gateway

Host A

Host B

Configuration Procedures

# Enter system view.

system-view

# Configure ARP packet filtering based on the gateway’s IP and MAC addresses on Ethernet 1/0/1.

[Switch] interface Ethernet 1/0/1

[Switch-Ethernet1/0/1] arp filter binding 192.168.100.1 000d-88f8-528c

[Switch-Ethernet1/0/1] quit

# Configure ARP packet filtering based on the gateway’s IP address on Ethernet 1/0/2.

[Switch] interface Ethernet 1/0/2

[Switch-Ethernet1/0/2] arp filter source 192.168.100.1

[Switch-Ethernet1/0/2] quit

# Configure ARP packet filtering based on the gateway’s IP address on Ethernet 1/0/3.

[Switch] interface Ethernet 1/0/3

[Switch-Ethernet1/0/3] arp filter source 192.168.100.1

[Switch-Ethernet1/0/3] quit

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: