ARP/IP Attack Defense Configuration Example III, Network Requirements, Network Diagram – H3C Technologies H3C S3100 Series Switches User Manual

Page 968: Configuration procedures


[SwitchA-Vlan-interface1] arp max-learning-num 500

[SwitchA-Vlan-interface1] quit

ARP/IP Attack Defense Configuration Example III

Network Requirements

• Host A is statically assigned an IP address and has an 802.1x client installed.

• A CAMS authentication, authorization and accounting server serves as the authentication server.

• Enable ARP attack detection and IP filtering on the switch, based on the bindings of authenticated 802.1x clients, to prevent ARP attacks.

Network Diagram

Figure 1-4 Network diagram for 802.1x based ARP/IP attack defense

Configuration Procedures

# Enter system view.

<Switch> system-view

# Enable 802.1x authentication globally.

[Switch] dot1x

# Enable ARP attack detection for VLAN 1.

[Switch] vlan 1

[Switch-vlan1] arp detection enable

[Switch-vlan1] quit

# Configure Ethernet 1/0/2 and Ethernet 1/0/3 as ARP trusted ports.

[Switch] interface Ethernet1/0/2

[Switch-Ethernet1/0/2] arp detection trust

[Switch-Ethernet1/0/2] quit

[Switch] interface Ethernet1/0/3

[Switch-Ethernet1/0/3] arp detection trust

[Switch-Ethernet1/0/3] quit

# Enable using IP-MAC bindings of authenticated 802.1x clients for ARP attack detection.

[Switch] ip source static import dot1x

# Enable 802.1x on Ethernet 1/0/1.
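
Added example (not from the H3C manual): a simplified Python model of the ARP check this procedure configures. It parses the commands shown above and judges ARP senders on trusted and untrusted ports. Host A's IP and MAC address and the names Policy, parse and verdict are constructed for illustration, and the drop rule assumes 802.1x bindings are the only binding source present.

```python
import re
from dataclasses import dataclass, field

# Commands copied from the configuration procedure on this page.
CONFIG = """\
[Switch] dot1x
[Switch] vlan 1
[Switch-vlan1] arp detection enable
[Switch-vlan1] quit
[Switch] interface Ethernet1/0/2
[Switch-Ethernet1/0/2] arp detection trust
[Switch-Ethernet1/0/2] quit
[Switch] interface Ethernet1/0/3
[Switch-Ethernet1/0/3] arp detection trust
[Switch-Ethernet1/0/3] quit
[Switch] ip source static import dot1x
"""

@dataclass
class Policy:
    detect_vlans: set = field(default_factory=set)
    trusted_ports: set = field(default_factory=set)
    use_dot1x_bindings: bool = False

def parse(config: str) -> Policy:
    # The current view (VLAN or interface) is read from the prompt itself.
    p = Policy()
    for line in config.splitlines():
        m = re.match(r"\[Switch(?:-([^\]]+))?\]\s+(.*)", line)
        if not m:
            continue
        view, cmd = m.group(1) or "", m.group(2).strip()
        if cmd == "arp detection enable" and view.startswith("vlan"):
            p.detect_vlans.add(int(view[4:]))
        elif cmd == "arp detection trust":
            p.trusted_ports.add(view)
        elif cmd == "ip source static import dot1x":
            p.use_dot1x_bindings = True
    return p

def verdict(p, bindings, port, vlan, sender_ip, sender_mac):
    # Assumed model: unprotected VLANs and trusted ports bypass the check.
    if vlan not in p.detect_vlans or port in p.trusted_ports:
        return "forward"
    known = bindings if p.use_dot1x_bindings else set()
    return "forward" if (port, sender_ip, sender_mac.lower()) in known else "drop"

# Constructed binding, as learned when Host A authenticates on Ethernet1/0/1.
BINDINGS = {("Ethernet1/0/1", "192.0.2.10", "00:11:22:33:44:55")}
```

In this model, removing the "ip source static import dot1x" line causes even Host A's genuine ARP packets to be dropped, because a statically addressed host contributes no other binding.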
