CLI-based Configuration Guide - Security

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document provides the basic concepts, configuration procedures, and configuration examples in different application scenarios of the network management feature supported by the device.
How Do I Take Measures to Prevent Internal Network Attacks?

Internal network attacks are attacks that use Layer 2 protocol packets. Attackers often use ARP to attack network devices, so the following ARP attack defense measures are commonly used:
  • Strict ARP learning: The device learns ARP entries only from ARP Reply packets that respond to ARP Request packets it sent itself. Run the arp learning strict command to enable strict ARP learning.
  • ARP gateway anti-collision: If an attacker sends an ARP packet whose source IP address is the gateway address, ARP entries are modified incorrectly. ARP gateway anti-collision solves this problem. Run the arp anti-attack gateway-duplicate enable command to enable the ARP gateway anti-collision function.
  • Sending gratuitous ARP packets: To ensure that packets sent by hosts on the internal network are forwarded to the gateway, or to prevent malicious users from intercepting these packets, the device sends gratuitous ARP packets at intervals to update the gateway address in the hosts' ARP entries. Run the arp gratuitous-arp send enable command to enable the device to send gratuitous ARP packets. By default, the device sends gratuitous ARP packets every 90s.

If too many security measures are used, device performance may deteriorate.
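
The decision logic behind strict ARP learning and ARP gateway anti-collision, as an added example that is not Huawei's implementation or code from this guide. It is a simplified Python model that assumes the device is itself the gateway; GatewayArpModel, run_sample and the other names are hypothetical, and the sample packets are constructed with documentation addresses.

```python
import struct
from ipaddress import IPv4Address

ARP_FMT = "!HHBBH6s4s6s4s"   # Ethernet/IPv4 ARP payload (28 bytes)
ARP_REPLY = 2

def build_arp(op, sha, spa, tha, tpa):
    """Pack a constructed ARP payload (used only for the sample input)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, mac(sha),
                       IPv4Address(spa).packed, mac(tha), IPv4Address(tpa).packed)

def parse_arp(payload):
    """Return (opcode, sender MAC, sender IP); raise ValueError if malformed."""
    if len(payload) < struct.calcsize(ARP_FMT):
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op, sha, spa, _, _ = struct.unpack_from(ARP_FMT, payload)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return op, sha.hex(":"), str(IPv4Address(spa))

class GatewayArpModel:
    """Hypothetical model of the gateway's learning decision, not vendor code."""
    def __init__(self, gateway_ip, gateway_mac):
        self.gateway_ip, self.gateway_mac = gateway_ip, gateway_mac
        self.pending = set()    # IPs this device has sent ARP Requests for
        self.table = {}         # learned IP -> MAC
    def send_request(self, target_ip):
        self.pending.add(target_ip)
    def receive(self, payload):
        op, mac, ip = parse_arp(payload)   # ValueError on malformed input
        # Gateway anti-collision: another sender claims the gateway's address.
        if ip == self.gateway_ip and mac != self.gateway_mac:
            return "drop:gateway-conflict"
        # Strict learning: learn only Replies answering our own Requests.
        if op != ARP_REPLY or ip not in self.pending:
            return "drop:unsolicited"
        self.pending.discard(ip)
        self.table[ip] = mac
        return "learned"

def run_sample():
    """Constructed traffic: solicited reply, unsolicited reply, gateway claim."""
    gw = GatewayArpModel("192.0.2.1", "00:00:5e:00:53:01")
    gw.send_request("192.0.2.10")
    frames = [build_arp(2, "00:00:5e:00:53:10", "192.0.2.10", "00:00:5e:00:53:01", "192.0.2.1"),
              build_arp(2, "00:00:5e:00:53:20", "192.0.2.20", "00:00:5e:00:53:01", "192.0.2.1"),
              build_arp(1, "00:00:5e:00:53:66", "192.0.2.1", "00:00:00:00:00:00", "192.0.2.10")]
    return [gw.receive(f) for f in frames], gw.table
```

Only the first packet creates an entry: the second is a Reply nobody asked for, and the third carries the gateway's own IP address with a different MAC address.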

Updated: 2019-08-07

Document ID: EDOC1100034077
