Network requirements, Configuration procedure – H3C Technologies H3C S12500-X Series Switches User Manual


Figure 69 Network diagram


Configuration considerations

An attacker might forge a large number of ARP packets by using the MAC address of a valid host as the source MAC address. To prevent such attacks, configure the gateway in the following steps:

1. Enable source MAC-based ARP attack detection and specify the handling method as filter.

2. Set the threshold.

3. Set the lifetime for ARP attack entries.

4. Exclude the MAC address of the server from this detection.


Configuration procedure

# Enable source MAC-based ARP attack detection, and specify the handling method as filter.

<Device> system-view

[Device] arp source-mac filter

# Set the threshold to 50.

[Device] arp source-mac threshold 50

# Set the lifetime for ARP attack entries to 60 seconds.

[Device] arp source-mac aging-time 60

# Exclude MAC address 0012-3f86-e94c from this detection.

[Device] arp source-mac exclude-mac 0012-3f86-e94c
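
The following Python sketch is an added example, not part of the H3C manual and not device code. It is a simplified model of how the threshold, the attack-entry lifetime, and the excluded MAC address configured above interact. The 5-second counting window, the flooding host's MAC address, and all class and function names are assumptions made for illustration.

```python
from collections import defaultdict, deque

WINDOW = 5.0  # seconds; assumed counting window, not stated on this page

def normalize(mac):
    """Reduce 0012-3f86-e94c or 00:12:3f:86:e9:4c to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return digits

class SourceMacDetector:
    """Simplified model of the gateway settings configured above."""
    def __init__(self, threshold=50, aging_time=60, exclude=()):
        self.threshold = threshold
        self.aging_time = aging_time
        self.exclude = {normalize(m) for m in exclude}
        self.recent = defaultdict(deque)  # MAC -> arrival times inside WINDOW
        self.entries = {}                 # MAC -> expiry time of its attack entry

    def packet(self, ts, src_mac):
        """Return 'permit' or 'filter' for one ARP packet seen at time ts."""
        mac = normalize(src_mac)
        if mac in self.exclude:           # exclude-mac: never counted
            return "permit"
        if mac in self.entries:
            if ts < self.entries[mac]:    # attack entry still alive
                return "filter"
            del self.entries[mac]         # entry aged out
        seen = self.recent[mac]
        seen.append(ts)
        while ts - seen[0] >= WINDOW:     # drop arrivals older than the window
            seen.popleft()
        if len(seen) > self.threshold:    # threshold exceeded: create entry
            self.entries[mac] = ts + self.aging_time
            seen.clear()
            return "filter"
        return "permit"

def demo():
    """Replay constructed traffic: a flooding host, the server, a late retry."""
    flooder, server = "00e0-fc00-0001", "0012-3f86-e94c"  # flooder MAC is made up
    events = [(i * 0.01, m) for i in range(200) for m in (flooder, server)]
    events.append((61.0, flooder))        # after the 60-second entry expired
    det = SourceMacDetector(threshold=50, aging_time=60, exclude=[server])
    tally = defaultdict(lambda: {"permit": 0, "filter": 0})
    for ts, mac in events:
        tally[mac][det.packet(ts, mac)] += 1
    return {mac: dict(counts) for mac, counts in tally.items()}

if __name__ == "__main__":
    print(demo())
```

In this model the server sends at the same rate as the flooding host but is never filtered, which is why a high-volume legitimate sender has to be listed with exclude-mac before the filter method is enabled.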

Figure 69 labels: IP network; Gateway (Device), ARP attack protection; Host A; Host B; Host C; Host D; Server (0012-3f86-e94c)
