371
Enabling ARP black hole routing
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enable ARP black hole routing.
arp resolving-route enable
Optional.
Enabled by default.
Displaying and maintaining ARP defense against IP packet
attacks
Task Command
Remarks
Display ARP source suppression
configuration information.
display arp source-suppression [ |
{ begin | exclude | include }
regular-expression ]
Available in any view
Configuration example
Network requirements
As shown in Figure 117, a LAN contains two areas: an R&D area in VLAN 10 and an office area in VLAN
20. The two areas connect to the gateway (Device) through an access switch.
A large number of ARP requests are detected in the office area and are considered as the consequence
of an IP flood attack. To prevent such attacks, configure ARP source suppression and ARP black hole
routing.
Figure 117 Network diagram
IP network
Gateway
Device
R&D Office
VLAN 10 VLAN 20
Host A Host B Host C Host D
ARP attack protection
To Next Page
Loading...
Need help?
General
