Configuration examples, Example for anti arp spoofing, Network requirements – TP-Link Omada ER8411 VPN Router User Manual
Page 126: Configuration scheme, Network requirements configuration scheme, 1 example for anti arp spoofing, 1 network requirements, 2 configuration scheme
Configuring Firewall
Configuration Examples
User Guide 117
3
Configuration Examples
3.1 Example for Anti ARP Spoofing
3.1.1 Network Requirements
In the diagram below, several hosts are connected to the network via a layer 2 switch, and
the router is the gateway of this network. Since there exists the possibility that the attacker
will launch a series of ARP attacks, it is required to configure the router to protect itself and
the terminal hosts from the ARP attacks.
Figure 3-1
Network Topology
Internet
Layer 2 Switch
Host A
192.168.0.10
00-19-56-8A-4C-71
Host B
192.168.0.20
00-19-56-82-3B-70
Host C
192.168.0.30
00-19-56-8D-22-75
Attacker
Router
LAN
192.168.0.1
WAN
3.1.2 Configuration Scheme
The attacker can launch three types of ARP attacks: cheating router, imitating gateway and
cheating terminal hosts. The following section introduces the three ARP attacks and the
corresponding solutions.
■
Cheating Gateway
Cheating gateway attack is aimed at the router.