F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Attack Protection Configuration Guide-6PW100
Displaying and maintaining ARP source suppression
Task: Display the ARP source suppression configuration information.
Command: display arp source-suppression [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.
Unresolvable IP attack protection configuration example
Network requirements
As shown in Figure 45, a LAN contains two areas: an R&D area in VLAN 10 and an office area in VLAN 20. Each area connects to the gateway (Firewall) through its own access switch.
A large number of ARP requests are detected in the office area and are considered to be the consequence of an IP flood attack. To prevent such attacks, configure ARP source suppression and ARP black hole routing.
Figure 45 Network diagram
Configuration considerations
If the attack packets have the same source address, you can enable the ARP source suppression function
as follows:
1. Enable ARP source suppression.
2. Set the threshold to 100. If the number of unresolvable IP packets received from a host within five
seconds exceeds 100, the device stops resolving packets from the host until the five seconds
elapse.
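The threshold behaviour described in step 2, as an added Python model (not from the original guide and not the device's implementation). It assumes a fixed five-second window that opens at a source's first counted packet; the class, the function names and the sample addresses are constructed for illustration.

```python
# Added example: simplified model of ARP source suppression, not device code.
# Assumption: a fixed window that opens at a source's first counted packet.
from collections import defaultdict

WINDOW_SECONDS = 5   # interval stated in the guide
THRESHOLD = 100      # limit used in the guide's example


class ArpSourceSuppressor:
    def __init__(self, threshold=THRESHOLD, window=WINDOW_SECONDS):
        self.threshold = threshold
        self.window = window
        self._state = {}  # src_ip -> [window_start, packets_in_window]

    def allow_resolution(self, src_ip, now):
        """True if the device would still try to resolve for this source."""
        state = self._state.get(src_ip)
        if state is None or now - state[0] >= self.window:
            state = self._state[src_ip] = [now, 0]  # open a new window
        state[1] += 1
        return state[1] <= self.threshold  # the 101st packet is the first dropped


def simulate(packets):
    """packets: (timestamp, src_ip) pairs. Returns {src_ip: [resolved, suppressed]}."""
    suppressor = ArpSourceSuppressor()
    stats = defaultdict(lambda: [0, 0])
    for now, src in sorted(packets):
        stats[src][0 if suppressor.allow_resolution(src, now) else 1] += 1
    return dict(stats)


def single_source_flood():
    """Constructed sample: one office host at 50 pkt/s for 10 s, one quiet host."""
    flood = [(i / 50, "192.0.2.66") for i in range(500)]
    quiet = [(float(i), "192.0.2.10") for i in range(10)]
    return flood + quiet


def many_source_flood():
    """Constructed sample: the same 500 packets spread over 250 source addresses."""
    return [(i / 50, f"198.51.100.{i % 250}") for i in range(500)]


if __name__ == "__main__":
    print(simulate(single_source_flood()))
    suppressed = sum(s for _, s in simulate(many_source_flood()).values())
    print("suppressed with varied sources:", suppressed)
```

The second sample shows why the guide conditions this function on the attack packets sharing a source address: when the packets are spread over many sources, no per-source counter reaches the limit.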