347
NOTE:
• You can enable ARP gateway protection for up to eight gateways on a port.
• Commands arp filter source and arp filter binding cannot be both configured on a port.
• If ARP gateway protection works with ARP detection, MFF, and ARP snooping, ARP
ateway protection
applies first.
ARP gateway protection configuration example
Network requirements
As shown in Figure 131, Host B launches gateway spoofing attacks to Switch B. As a result, traffic that
Switch B intends to send to Switch A is sent to Host B.
Configure Switch B to block such attacks.
Figure 131 Network diagram
Switch A
Switch B
Host A Host B
Gateway
Eth1/0/1
Eth1/0/3
Eth1/0/2
10.1.1.1/24
Configuration procedure
# Configure ARP gateway protection on Switch B.
<SwitchB> system-view
[SwitchB] interface ethernet 1/0/1
[SwitchB-Ethernet1/0/1] arp filter source 10.1.1.1
[SwitchB-Ethernet1/0/1] quit
[SwitchB] interface ethernet 1/0/2
[SwitchB-Ethernet1/0/2] arp filter source 10.1.1.1
After the configuration is complete, Switch B will discard the ARP packets whose source IP address is that
of the gateway.
To Next Page
Loading...
Need help?
General