Configuring arp detection – H3C Technologies H3C WX6000 Series Access Controllers User Manual

Page 169

Advertising
background image

23-3

src-mac: Checks whether the sender MAC address of an ARP packet is identical to the source

MAC address in the Ethernet header. If they are identical, the packet is forwarded; otherwise, the

packet is discarded.

dst-mac: Checks the target MAC address of ARP replies. If the target MAC address is all-zero,

all-one, or inconsistent with the destination MAC address in the Ethernet header, the packet is

considered invalid and discarded.

ip: Checks both the source and destination IP addresses in an ARP packet. The all-zero, all-one or

multicast IP addresses are considered invalid and the corresponding packets are discarded. With

this object specified, the source and destination IP addresses of ARP replies, and the source IP

address of ARP requests are checked.

Configuring ARP Detection

If both the ARP detection based on specified objects and the ARP detection based on static IP Source

Guard binding entries/DHCP snooping entries/802.1X security entries/OUI MAC addresses are

enabled, the former one applies first, and then the latter applies.

Select Network > ARP Anti-Attack from the navigation tree to enter the default ARP Detection page

shown in

Figure 23-2

.

Figure 23-2 ARP Detection configuration page

Table 23-1

describes the ARP Detection configuration items.

Advertising
This manual is related to the following products:

H3C WX5000 Series Access Controllers, H3C WX3000 Series Unified Switches, H3C LSWM1WCM10 Access Controller Module, H3C LSWM1WCM20 Access Controller Module, H3C LSQM1WCMB0 Access Controller Module, H3C LSRM1WCM2A1 Access Controller Module, H3C LSBM1WCM2A0 Access Controller Module

Popular Brands
Popular manuals