[x]

Configuring ARP gateway protection > Example: Configuring ARP gateway protection

 

 Next

Example: Configuring ARP gateway protection

Network configuration

As shown in Figure 165, Host B launches gateway spoofing attacks to Device B. As a result, traffic that Device B intends to send to Device A is sent to Host B.

Configure Device B to block such attacks.

Figure 165: Network diagram

Procedure

# Configure ARP gateway protection on Device B.

<DeviceB> system-view
[DeviceB] interface hundredgige 1/0/1
[DeviceB-HundredGigE1/0/1] arp filter source 10.1.1.1
[DeviceB-HundredGigE1/0/1] quit
[DeviceB] interface hundredgige 1/0/2
[DeviceB-HundredGigE1/0/2] arp filter source 10.1.1.1

Verifying the configuration

# Verify that HundredGigE 1/0/1 and HundredGigE 1/0/2 discard the incoming ARP packets whose sender IP address is the IP address of the gateway.

prev

 

up

 next

Procedure 

home

 Configuring ARP filtering

© Copyright 2017 Hewlett Packard Enterprise Development LP