beautypg.com

Configuring arp filtering, Introduction, Configuration procedure – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 356: Arp filtering configuration example, Network requirements

background image

342

Configuring ARP filtering

Introduction

The ARP filtering feature can prevent gateway spoofing and user spoofing attacks.
An interface enabled with this feature checks the sender IP and MAC addresses in a received ARP packet
against permitted entries. If a match is found, the packet is handled normally. If not, the packet is

discarded.

Configuration procedure

To configure ARP filtering:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter Layer 2 Ethernet interface

view or WLAN-ESS interface
view.

interface interface-type interface-number N/A

3.

Configure an ARP filtering
entry.

arp filter binding ip-address
mac-address

Not configured by default

NOTE:

You can configure up to eight ARP filtering entries on a port.

Commands arp filter source and arp filter binding cannot be both configured on a port.

If ARP filtering works with ARP detection, MFF, ARP snooping and ARP fast-reply, ARP filtering applies
first.

ARP filtering configuration example

Network requirements

As shown in

Figure 145

, the IP and MAC addresses of Client 1 are 10.1.1.2 and 000f-e349-1233. The IP

and MAC addresses of Client 2 are 10.1.1.3 and 000f-e349-1234.
Configure ARP filtering on the AC's WLAN interface to permit specific ARP packets only.