R0106-HP MSR Router Series Security Configuration Guide(V7)
Figure 120 Network diagram
Configuration considerations
If the attack packets all carry the same source address, configure the ARP source suppression function as
follows:
1. Enable ARP source suppression.
2. Set the threshold to 100. If the device receives more than 100 unresolvable IP packets from one host within 5
seconds, it stops resolving packets from that host until the 5-second interval elapses.
If the attack packets carry different source addresses, enable the ARP blackhole routing function on the
gateway instead.
Configuration procedure
# Enable ARP source suppression and set the threshold to 100.
<Device> system-view
[Device] arp source-suppression enable
[Device] arp source-suppression limit 100
# Enable ARP blackhole routing.
[Device] arp resolving-route enable
Configuring source MAC-based ARP attack detection
This feature counts the ARP packets delivered to the CPU per source MAC address. If the number of ARP packets
from the same MAC address within 5 seconds exceeds the threshold, the device adds that MAC address to an ARP
attack entry. Until the entry ages out, the device handles the attack in one of the following ways:
• Monitor—Only generates log messages.
• Filter—Generates log messages and filters out subsequent ARP packets from that MAC address.
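The following configuration is an added example, not a procedure from the original guide. It shows one way to turn the feature on in filter mode on a Comware V7 device such as the gateway in Figure 120. The threshold, aging time, excluded MAC address and interface name are assumed for illustration; the command syntax follows the arp source-mac commands in this guide's command reference, so confirm it against your software release before use.

```text
# Enter system view.
<Device> system-view
# Handle detected attackers in filter mode: log and drop subsequent ARP packets
# from the offending MAC address. Use "arp source-mac monitor" instead to log only
# while you are still tuning the threshold.
[Device] arp source-mac filter
# Treat a source MAC address as an attacker when it sends more than 30 ARP packets
# to the CPU within 5 seconds (value assumed for this example).
[Device] arp source-mac threshold 30
# Keep an ARP attack entry for 60 seconds before it ages out (value assumed).
[Device] arp source-mac aging-time 60
# Never filter the upstream router's MAC address (address assumed), even if it
# exceeds the threshold; a legitimate gateway can be a heavy ARP talker.
[Device] arp source-mac exclude-mac 0012-3f86-e94c
# Verify: list the current ARP attack entries learned on an interface (name assumed).
[Device] display arp source-mac interface gigabitethernet 1/0/1
```

Start in monitor mode and watch the log messages and the display output for a while before switching to filter mode: the counter applies only to ARP packets that reach the CPU, so a threshold that is too low will also filter busy but legitimate hosts, and exclude-mac is the only way to protect a specific address once filter mode is active.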
Figure 120 (diagram labels only): IP network, Gateway, Device, R&D Office, VLAN 10, VLAN 20, Host A, Host B, Host C, Host D.
ARP attack protection