Configuring other arp attack protection functions – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 166
150
Item Description
Trusted Ports
Select trusted ports and untrusted ports.
To add ports to the Trusted Ports list box, select one or multiple ports from the Untrusted
Ports list box and click the << button.
To remove ports from the Trusted Ports list box, select one or multiple ports from the list box
and click the >> button.
ARP Packet
Validity Check
Select ARP packet validity check modes, including:
•
Discard the ARP packet whose sender MAC address is different from the source MAC
address in the Ethernet header.
•
Discard the ARP packet whose target MAC address is all 0s, all 1s, or inconsistent with
the destination MAC address in the Ethernet header.
•
Discard the ARP request whose source IP address is all 0s, all 1s, or a multicast address,
and discard the ARP reply whose source and destination IP addresses are all 0s, all 1s,
or multicast addresses.
ARP packet validity check takes precedence over user validity check. If none of the above
is selected, the system does not check the validity of ARP packets.
Configuring other ARP attack protection functions
Other ARP attack protection functions include source MAC address based ARP attack detection, ARP
active acknowledgement, and ARP packet source address consistency check.
1.
Select Network > ARP Anti-Attack from the navigation tree.
2.
Click the Advanced Configuration tab to enter the page shown in
.
Figure 129 Advanced Configuration page
3.
Configure ARP attack protection parameters as described in
4.
Click Apply.