Configuring other arp attack protection functions – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 197
176
Item Description
Trusted Ports
Select trusted ports and untrusted ports.
To add ports to the Trusted Ports list box, select one or multiple ports from the Untrusted
Ports list box and click the << button.
To remove ports from the Trusted Ports list box, select one or multiple ports from the list box
and click the >> button.
ARP Packet
Validity Check
Select the ARP packet validity check mode:
•
Discard the ARP packet whose sender MAC address is different from the source MAC
address in the Ethernet header.
•
Discard the ARP packet whose target MAC address is all 0s, all 1s, or inconsistent with
the destination MAC address in the Ethernet header.
•
Discard the ARP request whose source IP address is all 0s, all 1s, or a multicast address,
and discard the ARP reply whose source and destination IP addresses are all 0s, all 1s,
or multicast addresses.
ARP packet validity check takes precedence over user validity check. If none of the ARP
packet validity check modes are selected, the system does not check the validity of ARP
packets
Configuring other ARP attack protection functions
Other ARP attack protection functions include source MAC address-based ARP attack detection, ARP
active acknowledgement, and ARP packet source address consistency check.
1.
From the navigation tree, select Network > ARP Anti-Attack.
2.
Click the Advanced Configuration tab.
Figure 143 Advanced Configuration page
3.
Configure ARP attack protection parameters, as described in
4.
Click Apply.