S1720, S2700, S5700, and S6720 V200R011C10 Configuration Guide - Security
This document describes the configurations of Security, including ACL, local attack defense, MFF, attack defense, traffic suppression and storm control, ARP security, Port security, DHCP snooping, ND snooping, PPPoE+, IPSG, SAVI, URPF, keychain, MPAC, separating the management plane from the service plane, security risks, PKI.
Configuring Defense Against ARP Spoofing Attacks
If an attacker sends bogus ARP packets to a network device or user host, the device or host modifies the local ARP entries, leading to packet forwarding failures. The function of defense against ARP spoofing attacks can prevent such attacks.
Pre-configuration Tasks
Before configuring defense against ARP spoofing attacks, connect interfaces and set physical parameters for the interfaces to ensure that the physical status of the interfaces is Up.
- Configuring ARP Entry Fixing
- Configuring DAI
- Configuring ARP Gateway Anti-Collision
- Configuring Gratuitous ARP Packet Sending
- Configuring ARP Gateway Protection
- Configuring MAC Address Consistency Check in an ARP Packet
- Configuring ARP Packet Validity Check
- Configuring Strict ARP Learning
- Configuring ARP Learning Triggered by DHCP
- Configuring ARP Proxy on a VPLS Network
- Verifying the ARP Spoofing Attack Defense Configuration
Document ID:EDOC1000178177
Views:1302877
Downloads:2287
Average rating:4.2Points