330
ARP attack protection configuration
NOTE:
The term
interface
in the ARP attack protection features refers to Layer 3 interfaces, including VLAN
interfaces and route-mode (or Layer 3) Ethernet ports. You can set an Ethernet port to operate in route
mode by using the port link-mode route command (see
Layer 2—LAN Switching Configuration Guide
).
ARP attack protection overview
Although ARP is easy to implement, it provides no security mechanism and is vulnerable to network
attacks. An attacker can exploit ARP vulnerabilities to attack network devices in the following ways:
• Acts as a trusted user or gateway to send ARP packets so the receiving devices obtain incorrect ARP
entries.
• Sends a large number of destination unreachable IP packets to have the receiving device busy with
resolving destination IP addresses until its CPU is overloaded.
• Sends a large number of ARP packets to overload the CPU of the receiving device.
For more information about ARP attack features and types, see ARP Attack Protection Technology White
Paper.
ARP attacks and viruses are threatening LAN security. This chapter introduces multiple features to detect
and prevent such attacks.
ARP attack protection configuration task list
Complete the following tasks to configure ARP attack protection:
Task Remarks
Flood prevention
Configuring ARP
defense agai
nst
IP packet attacks
Configuring ARP source
suppression
Optional
Configure this function on gateways
(recommended).
Enabling ARP black hole
routing
Optional
Configure this function on gateways
(recommended).
Configuring ARP packet rate limit
Optional
Configure this function on access
devices (recommended).
Configuring source MAC address based ARP
attack detection
Optional
Configure this function on gateways
(recommended).
User and
gateway
spoofing
Configuring ARP packet source MAC address
consistency che
c
k
Optional
Configure this function on gateways
(recommended).
To Next Page
Loading...
Need help?
General