Introduction, Configuration procedure, Configuring arp active acknowledgement – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

333

Configuring ARP packet source MAC address

consistency check

Introduction

This feature enables a gateway device to filter out ARP packets with a source MAC address in the
Ethernet header different from the sender MAC address in the message body, so that the gateway device

can learn correct ARP entries.

Configuration procedure

To enable ARP packet source MAC address consistency check:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enable ARP packet source MAC

address consistency check.

arp anti-attack valid-check enable Disabled by default

Configuring ARP active acknowledgement

Introduction

Configure this feature on gateway devices to prevent user spoofing.
ARP active acknowledgement prevents a gateway from generating incorrect ARP entries. For more

information about its working mechanism, see ARP Attack Protection Technology White Paper.

Configuration procedure

To configure ARP active acknowledgement:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enable the ARP active

acknowledgement function.

arp anti-attack active-ack enable

Disabled by default

Configuring ARP detection

Introduction

ARP detection enables access devices to block ARP packets from unauthorized clients to prevent user
spoofing and gateway spoofing attacks.