3com 5500-ei pwr Installation Instruction
2-10
ARP Attack Defense Configuration Example II
Network Requirements
Host A and Host B are connected to Gateway through an access switch (Switch). The IP and MAC
addresses of Gateway are 192.168.100.1/24 and 000D-88F8-528C. To prevent gateway spoofing
attacks from Host A and Host B, configure ARP packet filtering based on the gateway’s IP and MAC
addresses on Switch.
Network Diagram
Figure 2-4 Network diagram for defense against gateway spoofing
Eth1/0/1
Eth1/0/2
Eth1/0/3
Switch
Vlan-int 1
192.168.100.1/24
MAC:000D-88F8-528C
192.168.100.1/24
MAC:000D-88F8-528C
Gateway
Host A
Host B
Configuration Procedures
# Enter system view.
<Switch> system-view
# Configure ARP packet filtering based on the gateway’s IP and MAC addresses on Ethernet 1/0/1.
[Switch] interface Ethernet 1/0/1
[Switch-Ethernet1/0/1] arp filter binding 192.168.100.1 000d-88f8-528c
[Switch-Ethernet1/0/1] quit
# Configure ARP packet filtering based on the gateway’s IP address on Ethernet 1/0/2.
[Switch] interface Ethernet 1/0/2
[Switch-Ethernet1/0/2] arp filter source 192.168.100.1
[Switch-Ethernet1/0/2] quit
# Configure ARP packet filtering based on the gateway’s IP address on Ethernet 1/0/3.
[Switch] interface Ethernet 1/0/3
[Switch-Ethernet1/0/3] arp filter source 192.168.100.1
[Switch-Ethernet1/0/3] quit