beautypg.com

Arp gateway protection configuration example, Network requirements, Configuration procedure – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 355

background image

341

NOTE:

You can enable ARP gateway protection for up to eight gateways on a port.

Commands arp filter source and arp filter binding cannot be both configured on a port.

If ARP gateway protection works with ARP detection, MFF, ARP snooping and ARP fast-reply, ARP
gateway protection applies first.

ARP gateway protection configuration example

Network requirements

As shown in

Figure 144

, Client 2 launches gateway spoofing attacks to the AC. As a result, traffic that the

AC intends to send to the switch is sent to Client 2.
Configure the switch to block such attacks.

Figure 144 Network diagram

Configuration procedure

# Configure clients to connect to the AC through the interface WLAN-ESS 0.
# Configure ARP gateway protection on the AC.

system-view

[AC] interface WLAN-ESS 0

[AC-WLAN-ESS0] arp filter source 10.1.1.1

[AC-WLAN-ESS0] quit

After the configuration is complete, the AC will discard the ARP packets from Client 2 whose source IP
address is that of the gateway.