Unresolvable IP Attack Protection Configuration Example - HP 10500 Series Configuration Manual

Security configuration guide

Unresolvable IP attack protection configuration example

Network requirements
As shown in Figure 98, a LAN contains two areas: an R&D area in VLAN 10 and an office area in VLAN 20. Each area connects to the gateway through its own access switch.
A large number of ARP requests are detected in the office area and are considered to be the result of an IP flood attack. To prevent such attacks, configure ARP source suppression and ARP black hole routing.
Figure 98 Network diagram
[Diagram labels: IP network, Gateway, Device, R&D (VLAN 10), Office (VLAN 20), Host A, Host B, Host C, Host D]
Configuration considerations
If the attack packets have the same source address, you can enable the ARP source suppression function as follows:
1. Enable ARP source suppression.
2. Set the threshold to 100. If the number of unresolvable IP packets received from a host within five seconds exceeds 100, the device stops resolving packets from the host until the five seconds elapse.
If the attack packets have different source addresses, enable the ARP black hole routing function on the device.
Configuration procedure
1. Enable ARP source suppression and set the threshold to 100.
<Device> system-view
[Device] arp source-suppression enable
[Device] arp source-suppression limit 100
2. Enable ARP black hole routing.
<Device> system-view
[Device] arp resolving-route enable
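
The threshold behaviour described under Configuration considerations, as an added Python model that is not part of the HP manual. It assumes fixed five-second windows and constructed 192.0.2.x source addresses; the names `simulate` and `which_feature` and the per-window load heuristic are hypothetical.

```python
from collections import defaultdict

LIMIT = 100    # threshold from "arp source-suppression limit 100"
WINDOW = 5.0   # seconds; the interval stated in the manual

def simulate(packets, limit=LIMIT, window=WINDOW):
    """Model per-source suppression over (timestamp, src_ip) records of
    packets whose destination IP cannot be resolved.

    Assumption: fixed windows aligned to t=0, and a packet is handed to ARP
    resolution only while its source's count in the window is <= limit.
    Returns (resolved, suppressed, sources_over_limit).
    """
    counts = defaultdict(int)   # (window index, source) -> packets seen
    resolved = suppressed = 0
    over = set()
    for ts, src in sorted(packets):
        key = (int(ts // window), src)
        counts[key] += 1
        if counts[key] > limit:
            suppressed += 1
            over.add(src)
        else:
            resolved += 1
    return resolved, suppressed, over

def which_feature(packets, limit=LIMIT, window=WINDOW):
    """Map observed traffic to the feature the configuration considerations name."""
    resolved, _, over = simulate(packets, limit, window)
    if over:
        return "arp source-suppression"
    # Assumed heuristic: no single source crosses the limit, but the
    # resolution load per window is still above it.
    windows = {int(ts // window) for ts, _ in packets}
    if windows and resolved / len(windows) > limit:
        return "arp resolving-route"
    return "none"

# Constructed sample traffic: 500 packets inside one five-second window.
same_source = [(i * 0.01, "192.0.2.10") for i in range(500)]
many_sources = [(i * 0.01, f"192.0.2.{i % 250 + 1}") for i in range(500)]

if __name__ == "__main__":
    for name, pkts in (("same source", same_source), ("many sources", many_sources)):
        print(name, simulate(pkts)[:2], which_feature(pkts))
```

With many sources, every packet still triggers resolution because no host crosses the per-source threshold, which is the case the manual assigns to ARP black hole routing.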
