ARP gateway protection configuration example

Network requirements

As shown in Figure 120, Host B launches gateway spoofing attacks to Switch B. As a result, traffic that Switch B intends to send to Switch A is sent to Host B.

Configure Switch B to block such attacks.

Figure 120: Network diagram

Configuration procedure

# Configure ARP gateway protection on Switch B.

<SwitchB> system-view
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] arp filter source 10.1.1.1
[SwitchB-GigabitEthernet1/0/1] quit
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] arp filter source 10.1.1.1

After the configuration is complete, Switch B will discard the ARP packets whose source IP address is that of the gateway.