HP 1920 Gigabit Ethernet Switch Series User Manual

547 pages
Configuring ARP attack protection
Overview
Although ARP is easy to implement, it provides no security mechanism and is vulnerable to network
attacks. The ARP detection feature enables access devices to block ARP packets from unauthorized clients
to prevent user spoofing and gateway spoofing attacks.
ARP detection provides user validity check and ARP packet validity check.
User validity check
This feature does not check ARP packets received from ARP trusted ports, but it checks ARP packets from
ARP untrusted ports.
Upon receiving an ARP packet from an ARP untrusted interface, this feature compares the sender IP and
MAC addresses against the DHCP snooping entries and 802.1X security entries. If a match is found from
those entries, the ARP packet is considered valid and is forwarded. If no match is found, the ARP packet
is considered invalid and is discarded.
ARP packet validity check
This feature does not check ARP packets received from ARP trusted ports. It checks ARP packets received
from ARP untrusted ports based on the following objects:
• src-mac—Checks whether the sender MAC address in the message body is identical to the source
MAC address in the Ethernet header. If they are identical, the packet is forwarded. Otherwise, the
packet is discarded.
• dst-mac—Checks the target MAC address of ARP replies. If the target MAC address is all-zero,
all-one, or inconsistent with the destination MAC address in the Ethernet header, the packet is
considered invalid and discarded.
• ip—Checks the sender and target IP addresses of ARP replies, and the sender IP address of ARP
requests. All-one or multicast IP addresses are considered invalid and the corresponding packets
are discarded.
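The user validity check and the three packet validity checks described above, sketched in Python as an added example (not HP's code and not part of the manual). The function names, the sample addresses, and the (IP, MAC) binding set standing in for DHCP snooping and 802.1X entries are assumptions made for illustration.

```python
import ipaddress
import struct

ZERO_MAC, ONES_MAC = bytes(6), b"\xff" * 6

def parse_arp(frame):
    """Decode an Ethernet II frame carrying an IPv4-over-Ethernet ARP packet."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    names = ("eth_dst", "eth_src", "etype", "htype", "ptype", "hlen", "plen",
             "op", "sha", "spa", "tha", "tpa")
    p = dict(zip(names, struct.unpack("!6s6sHHHBBH6s4s6s4s", frame[:42])))
    if (p["etype"], p["htype"], p["ptype"], p["hlen"], p["plen"]) != (0x0806, 1, 0x0800, 6, 4):
        raise ValueError("not IPv4-over-Ethernet ARP")
    return p

def bad_ip(raw):
    """All-one or multicast addresses are invalid per the ip check."""
    return raw == b"\xff" * 4 or ipaddress.IPv4Address(raw).is_multicast

def validity_failures(frame, checks=("src-mac", "dst-mac", "ip")):
    """Return the enabled checks this frame fails; an empty list means forward."""
    p = parse_arp(frame)
    is_reply = p["op"] == 2          # ARP opcode 1 = request, 2 = reply
    failed = []
    if "src-mac" in checks and p["sha"] != p["eth_src"]:
        failed.append("src-mac")
    if "dst-mac" in checks and is_reply and (
            p["tha"] in (ZERO_MAC, ONES_MAC) or p["tha"] != p["eth_dst"]):
        failed.append("dst-mac")
    if "ip" in checks:
        addrs = (p["spa"], p["tpa"]) if is_reply else (p["spa"],)
        if any(bad_ip(a) for a in addrs):
            failed.append("ip")
    return failed

def user_valid(frame, bindings):
    """User validity check: sender (IP, MAC) must match a known binding."""
    p = parse_arp(frame)
    return (p["spa"], p["sha"]) in bindings

def build(eth_dst, eth_src, op, sha, spa, tha, tpa):
    """Assemble a constructed sample frame for the demo."""
    hdr = struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
    return eth_dst + eth_src + hdr + sha + spa + tha + tpa

# Constructed sample values (documentation IP range, locally administered MACs).
HOST_MAC, GW_MAC, OTHER_MAC = (bytes.fromhex(h) for h in
                               ("020000000001", "020000000002", "020000000003"))
HOST_IP, GW_IP = (ipaddress.IPv4Address(a).packed for a in ("192.0.2.10", "192.0.2.1"))
BINDINGS = {(HOST_IP, HOST_MAC)}     # stands in for DHCP snooping / 802.1X entries
```

A reply whose Ethernet source and ARP sender MAC agree passes all three packet checks even when it claims an IP address it does not own, so only the user validity lookup rejects it.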
Configuring ARP detection
To check user validity, at least one of DHCP snooping entries or 802.1X security entries must be
available. Otherwise, all ARP packets received from ARP untrusted ports are discarded.
1. From the navigation tree, select Network > ARP Anti-Attack.
The default ARP Detection page appears.

HP 1920 Gigabit Ethernet Switch Series Specifications

General
Brand: HP
Model: 1920 Gigabit Ethernet Switch Series
Category: Switch
Language: English
