Configuring other arp attack protection functions – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 166

150

Item Description

Trusted Ports

Select trusted ports and untrusted ports.
To add ports to the Trusted Ports list box, select one or multiple ports from the Untrusted

Ports list box and click the << button.
To remove ports from the Trusted Ports list box, select one or multiple ports from the list box
and click the >> button.

ARP Packet
Validity Check

Select ARP packet validity check modes, including:

•

Discard the ARP packet whose sender MAC address is different from the source MAC

address in the Ethernet header.

•

Discard the ARP packet whose target MAC address is all 0s, all 1s, or inconsistent with

the destination MAC address in the Ethernet header.

•

Discard the ARP request whose source IP address is all 0s, all 1s, or a multicast address,

and discard the ARP reply whose source and destination IP addresses are all 0s, all 1s,
or multicast addresses.

ARP packet validity check takes precedence over user validity check. If none of the above
is selected, the system does not check the validity of ARP packets.

Configuring other ARP attack protection functions

Other ARP attack protection functions include source MAC address based ARP attack detection, ARP
active acknowledgement, and ARP packet source address consistency check.

Select Network > ARP Anti-Attack from the navigation tree.

Click the Advanced Configuration tab to enter the page shown in

Figure 129

Figure 129 Advanced Configuration page

Configure ARP attack protection parameters as described in

Table 62

Click Apply.

This manual is related to the following products:

H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C LSWM1WCM10 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module