R3303-HP HSR6800 Routers Security Configuration Guide

Displaying and maintaining ARP source suppression
Task: Display ARP source suppression configuration information.
Command: display arp source-suppression [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.
Configuration example
Network requirements
As shown in Figure 137, a LAN contains two areas: an R&D area in VLAN 10 and an office area in VLAN
20. Each area connects to the gateway (Device) through an access switch.
A large number of ARP requests are detected in the office area and are considered the result of
an IP flood attack. To prevent such attacks, configure ARP source suppression and ARP blackhole routing.
Figure 137 Network diagram
Configuration considerations
If the attack packets have the same source address, you can enable the ARP source suppression function
as follows:
1. Enable ARP source suppression.
2. Set the threshold to 100. If the number of unresolvable IP packets received from a host within five
seconds exceeds 100, the device stops resolving packets from that host until the five seconds elapse.
If the attack packets have different source addresses, enable the ARP blackhole routing function on the
device.
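The following Python model is an added example, not HP code or device output. It shows why the threshold of 100 per five seconds contains a flood from one source address but not a flood spread over many source addresses, which is the case the guide assigns to ARP blackhole routing. The class and function names are hypothetical, the window is assumed to start at a source's first counted packet, and the addresses are constructed from 192.0.2.0/24.

```python
# Added illustration: a model of the per-source counter, not device code.
WINDOW = 5.0      # seconds (from the guide)
THRESHOLD = 100   # unresolvable packets per window (from the guide)


class SourceSuppressor:
    """Counts unresolvable IP packets per source address in five-second windows."""

    def __init__(self, threshold=THRESHOLD, window=WINDOW):
        self.threshold, self.window = threshold, window
        self.state = {}  # src_ip -> (window_start, packets_seen)

    def should_resolve(self, src_ip, now):
        """Return True if this packet would still trigger ARP resolution."""
        start, count = self.state.get(src_ip, (now, 0))
        if now - start >= self.window:    # window elapsed: counter starts over
            start, count = now, 0
        count += 1
        self.state[src_ip] = (start, count)
        return count <= self.threshold    # suppressed once the count exceeds 100


def simulate(packets, suppressor=None):
    """packets: iterable of (time, src_ip). Returns resolutions triggered."""
    if suppressor is None:
        suppressor = SourceSuppressor()
    return sum(suppressor.should_resolve(src, t) for t, src in packets)


def same_source_flood(n=1000, src="192.0.2.10"):
    """Constructed traffic: n unresolvable packets from one host in under 5 s."""
    return [(i * 0.004, src) for i in range(n)]


def varied_source_flood(n=1000, sources=200):
    """Constructed traffic: the same volume spread over many source addresses."""
    return [(i * 0.004, f"192.0.2.{i % sources + 1}") for i in range(n)]


if __name__ == "__main__":
    print("same source   :", simulate(same_source_flood()), "resolutions")
    print("varied sources:", simulate(varied_source_flood()), "resolutions")
```

In the second case every source stays under the threshold, so per-source suppression never triggers even though the device sees the same packet volume.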
Configuration procedure
# Enable ARP source suppression and set the threshold to 100.
[Figure 137 diagram labels: IP network; Gateway (Device); R&D, VLAN 10; Office, VLAN 20; Host A, Host B, Host C, Host D]