EasyManua.ls Logo

HPE FlexFabric 5940 SERIES

HPE FlexFabric 5940 SERIES
571 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
474
Configuration procedure
# Configure ARP gateway protection on Device B.
<DeviceB> system-view
[DeviceB] interface ten-gigabitethernet 1/0/1
[DeviceB-Ten-GigabitEthernet1/0/1] arp filter source 10.1.1.1
[DeviceB-Ten-GigabitEthernet1/0/1] quit
[DeviceB] interface ten-gigabitethernet 1/0/2
[DeviceB-Ten-GigabitEthernet1/0/2] arp filter source 10.1.1.1
Verifying the configuration
# Verify that Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 discard the incoming ARP
packets whose sender IP address is the IP address of the gateway.
Configuring ARP filtering
The ARP filtering feature can prevent gateway spoofing and user spoofing attacks.
An interface enabled with this feature checks the sender IP and MAC addresses in a received ARP
packet against permitted entries. If a match is found, the packet is handled correctly. If not, the
packet is discarded.
Configuration guidelines
Follow these guidelines when you configure ARP filtering:
You can configure a maximum of eight permitted entries on an interface.
Do not configure both the arp filter source and arp filter binding commands on an interface.
If ARP filtering works with ARP attack detection, ARP snooping, and ARP fast-reply, ARP
filtering applies first.
Configuration procedure
To configure ARP filtering:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter Layer 2 Ethernet
interface or Layer 2 aggregate
interface view.
interface
interface-type
interface-number
N/A
3. Enable ARP filtering and
configure a permitted entry.
arp filter binding
ip-address
mac-address
By default, ARP filtering is
disabled.
Configuration example
Network requirements
As shown in Figure 136, the IP and MAC addresses of Host A are 10.1.1.2 and 000f-e349-1233,
respectively. The IP and MAC addresses of Host B are 10.1.1.3 and 000f-e349-1234, respectively.
Configure ARP filtering on Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 of Device B to
permit ARP packets from only Host A and Host B.

Table of Contents

Other manuals for HPE FlexFabric 5940 SERIES

Related product manuals