Configuring other arp attack protection functions – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

176

Item Description

Trusted Ports

Select trusted ports and untrusted ports.
To add ports to the Trusted Ports list box, select one or multiple ports from the Untrusted

Ports list box and click the << button.
To remove ports from the Trusted Ports list box, select one or multiple ports from the list box
and click the >> button.

ARP Packet
Validity Check

Select the ARP packet validity check mode:

•

Discard the ARP packet whose sender MAC address is different from the source MAC

address in the Ethernet header.

•

Discard the ARP packet whose target MAC address is all 0s, all 1s, or inconsistent with

the destination MAC address in the Ethernet header.

•

Discard the ARP request whose source IP address is all 0s, all 1s, or a multicast address,

and discard the ARP reply whose source and destination IP addresses are all 0s, all 1s,
or multicast addresses.

ARP packet validity check takes precedence over user validity check. If none of the ARP
packet validity check modes are selected, the system does not check the validity of ARP

packets

Configuring other ARP attack protection functions

Other ARP attack protection functions include source MAC address-based ARP attack detection, ARP

active acknowledgement, and ARP packet source address consistency check.

1.

From the navigation tree, select Network > ARP Anti-Attack.

2.

Click the Advanced Configuration tab.

Figure 143 Advanced Configuration page

3.

Configure ARP attack protection parameters, as described in

Table 67

.

4.

Click Apply.