R3303-HP HSR6800 Routers Security Configuration Guide

Step                                   Command                        Remarks
2. Enter Layer 2 Ethernet interface    interface interface-type       N/A
   view.                               interface-number
3. Enable ARP gateway protection       arp filter source ip-address   Disabled by default.
   for a specific gateway.
ARP gateway protection configuration example
Network requirements
As shown in Figure 143, Host B launches gateway spoofing attacks against Router B. As a result, traffic
that Router B intends to send to Router A is sent to Host B instead.
Configure Router B to block such attacks.
Figure 143 Network diagram
Configuration procedure
# Configure ARP gateway protection on Router B.
<RouterB> system-view
[RouterB] interface gigabitethernet 3/0/1
[RouterB-GigabitEthernet3/0/1] port link-mode bridge
[RouterB-GigabitEthernet3/0/1] arp filter source 10.1.1.1
[RouterB-GigabitEthernet3/0/1] quit
[RouterB] interface gigabitethernet 3/0/2
[RouterB-GigabitEthernet3/0/2] port link-mode bridge
[RouterB-GigabitEthernet3/0/2] arp filter source 10.1.1.1
After the configuration is complete, Router B discards the ARP packets whose source IP address is that of
the gateway.
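The filtering decision described above can be modelled as follows. This is an added example, not code from the guide or HP's implementation. It handles untagged Ethernet/IPv4 ARP only; the MAC addresses, host IP addresses and the port GigabitEthernet3/0/3 are constructed.

```python
import socket
import struct

ETHERTYPE_ARP = 0x0806
# Ports and gateway taken from the configuration example above.
PROTECTED = {
    "GigabitEthernet3/0/1": {"10.1.1.1"},
    "GigabitEthernet3/0/2": {"10.1.1.1"},
}


def arp_sender_ip(frame: bytes):
    """Return the sender IPv4 address of an untagged ARP frame, else None."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP body
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen = struct.unpack("!HHBB", frame[14:20])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None  # not Ethernet/IPv4 ARP
    return socket.inet_ntoa(frame[28:32])  # sender protocol address field


def should_drop(port: str, frame: bytes) -> bool:
    """Model of the filter: drop ARP whose sender IP is a protected gateway."""
    sender = arp_sender_ip(frame)
    return sender is not None and sender in PROTECTED.get(port, set())


def sample_arp(op: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """Build a constructed ARP frame used only as test input."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    eth = mac(tha) + mac(sha) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + mac(sha) + socket.inet_aton(spa) + mac(tha) + socket.inet_aton(tpa)


# Constructed samples: MAC addresses and host IPs are made up.
SPOOFED = sample_arp(2, "02:00:00:00:00:0b", "10.1.1.1", "02:00:00:00:00:0a", "10.1.1.10")
HONEST = sample_arp(2, "02:00:00:00:00:0b", "10.1.1.11", "02:00:00:00:00:0a", "10.1.1.10")

if __name__ == "__main__":
    for name, frame in (("spoofed", SPOOFED), ("honest", HONEST)):
        for port in ("GigabitEthernet3/0/2", "GigabitEthernet3/0/3"):
            print(f"{name:8} on {port}: drop={should_drop(port, frame)}")
```

The match is on the sender IP address alone, so a port without the filter passes the spoofed packet, and a port with the filter would also discard the real gateway's ARP packets if they arrived on it.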
Configuring ARP filtering