ARP Configuration
S6424-S2C2 switches provide an active ARP anti-spoofing function. In practice, when a
network host first communicates, the switch records an ARP table entry that holds the
sender IP, MAC, VID, and port correspondence taken from the message.
To prevent the above-mentioned ARP attacks, the S6424-S2C2 provides a comprehensive
ARP attack protection solution.
An access switch is a critical point to prevent ARP attacks, as ARP attacks generally arise
from the host side. To prevent ARP attacks, the access switches must be able to:
- Establish correct ARP entries, detect and filter out forged ARP packets, and ensure the
  validity of ARP packets it forwards.
- Suppress the burst impact of ARP packets.
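The first-communication binding and the filtering of forged ARP packets described above can be modelled as follows. This is an added example, not S6424-S2C2 firmware or vendor code; the verdict names, the drop-on-mismatch rule, the class and field names, and the sample addresses and port names are assumptions constructed for illustration.

```python
from dataclasses import dataclass

FIELDS = ("mac", "vid", "port")  # what an entry records besides the sender IP


@dataclass(frozen=True)
class ArpPacket:
    sender_ip: str
    sender_mac: str
    vid: int
    port: str

    def binding(self):
        # Normalise MAC case so the same address always compares equal.
        return (self.sender_mac.lower(), self.vid, self.port)


class BindingTable:
    """Toy model (assumption): the first ARP seen for an IP fixes its binding."""

    def __init__(self):
        self.entries = {}  # sender IP -> (MAC, VID, port)

    def check(self, pkt):
        """Return (verdict, mismatched_fields) for one ARP packet."""
        bound = self.entries.get(pkt.sender_ip)
        if bound is None:
            self.entries[pkt.sender_ip] = pkt.binding()
            return ("learn", [])
        diff = [n for n, old, new in zip(FIELDS, bound, pkt.binding()) if old != new]
        return ("drop", diff) if diff else ("forward", [])


# Constructed sample traffic (documentation address ranges, made-up port names).
SAMPLE = [
    ArpPacket("192.0.2.1", "00:00:5E:00:53:01", 10, "uplink"),  # gateway, first seen
    ArpPacket("192.0.2.20", "00:00:5e:00:53:20", 10, "port5"),  # host, first seen
    ArpPacket("192.0.2.1", "00:00:5e:00:53:01", 10, "uplink"),  # matches the entry
    ArpPacket("192.0.2.1", "00:00:5e:00:53:20", 10, "port5"),   # claims gateway IP
]


def replay(packets):
    """Run packets through a fresh table and collect the verdicts in order."""
    table = BindingTable()
    return [table.check(p) for p in packets]


if __name__ == "__main__":
    for pkt, (verdict, diff) in zip(SAMPLE, replay(SAMPLE)):
        print(pkt.sender_ip, pkt.port, verdict, ",".join(diff))
```

The mismatched field names returned with a drop verdict are what a log line would need to show which part of the recorded entry the packet contradicted.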
After configuring the access switches properly, you do not need to deploy ARP attack
protection configuration on the gateway. This relieves the gateway of that burden.
If the access switches do not support ARP attack protection, or the hosts are connected to
a gateway directly, the gateway must be configured to:
- Create correct ARP entries and prevent them from being modified.
- Suppress the burst impact of ARP packets or the IP packets that will trigger sending of
  ARP requests.
The merit of configuring ARP attack protection on the gateway is that the gateway
configuration hardly affects the switches and can properly support the existing network, thus
effectively protecting user investment.
12.2.3 Configuring Anti-Spoofing
Table 12-1 Configure anti-spoofing
Enter global configuration mode
arp anti-spoofing unknown {discard | flood}    Configure the method for handling unknown static ARP packets
copy running-config startup-config             Save the modified configuration