ARP gateway protection configuration example
Network requirements
As shown in Figure 120, Host B launches gateway spoofing attacks to Switch B. As a result, traffic that Switch B intends to send to Switch A is sent to Host B.
Configure Switch B to block such attacks.
Figure 120: Network diagram
Configuration procedure
# Configure ARP gateway protection on Switch B.
<SwitchB> system-view [SwitchB] interface gigabitethernet 1/0/1 [SwitchB-GigabitEthernet1/0/1] arp filter source 10.1.1.1 [SwitchB-GigabitEthernet1/0/1] quit [SwitchB] interface gigabitethernet 1/0/2 [SwitchB-GigabitEthernet1/0/2] arp filter source 10.1.1.1
After the configuration is complete, Switch B will discard the ARP packets whose source IP address is that of the gateway.