3com 5500-ei pwr Installation Instruction

 

2-10 

Host A and Host B are connected to Gateway through an access switch (Switch). The IP and MAC 

addresses of Gateway are 192.168.100.1/24 and 000D-88F8-528C. To prevent gateway spoofing 

attacks from Host A and Host B, configure ARP packet filtering based on the gateway’s IP and MAC 

addresses on Switch.  

Figure 2-4 Network diagram for defense against gateway spoofing 

Eth1/0/1

Eth1/0/2

Eth1/0/3

Vlan-int 1
192.168.100.1/24
MAC:000D-88F8-528C

Host A

Host B

 

 

# Enter system view.  

<Switch> system-view 

# Configure ARP packet filtering based on the gateway’s IP and MAC addresses on Ethernet 1/0/1.  

[Switch] interface Ethernet 1/0/1 

[Switch-Ethernet1/0/1] arp filter binding 192.168.100.1 000d-88f8-528c 

[Switch-Ethernet1/0/1] quit 

# Configure ARP packet filtering based on the gateway’s IP address on Ethernet 1/0/2.  

[Switch] interface Ethernet 1/0/2 

[Switch-Ethernet1/0/2] arp filter source 192.168.100.1 

[Switch-Ethernet1/0/2] quit 

# Configure ARP packet filtering based on the gateway’s IP address on Ethernet 1/0/3.  

[Switch] interface Ethernet 1/0/3 

[Switch-Ethernet1/0/3] arp filter source 192.168.100.1 

[Switch-Ethernet1/0/3] quit