386
• If ARP gateway protection works with ARP detection, and ARP snooping, ARP gateway protection
applies first.
Configuration procedure
To configure ARP gateway protection:
Ste
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter Layer 2 Ethernet interface
view/Layer 2 aggregate interface view.
interface interface-type
interface-number
N/A
3. Enable ARP gateway protection for a
specific gateway.
arp filter source ip-address Disabled by default
Configuration example
Network requirements
As shown in Figure 122, Host B launches gateway spoofing attacks to Switch B. As a result, traffic that
Switch B intends to send to Switch A is sent to Host B.
Configure Switch B to block such attacks.
Figure 122 Network diagram
Configuration procedure
# Configure ARP gateway protection on Switch B.
<SwitchB> system-view
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] arp filter source 10.1.1.1
[SwitchB-GigabitEthernet1/0/1] quit
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] arp filter source 10.1.1.1
To Next Page
Loading...
Need help?
General
