If an attacker on the network shown in
Figure 1 sends ARP packets while posing as the gateway, other users
on the network treat the attacker as the gateway, which interrupts
communication between authorized users and the real gateway. The same
thing happens if a user mistakenly sets a host's IP address to
the gateway address. To prevent such bogus gateway attacks, configure
ARP gateway protection on the device's interfaces that connect to
the gateway and set the protected gateway address to 10.1.1.1. When
ARP packets whose source IP address is the gateway address
10.1.1.1 reach the device:
- The interfaces with gateway protection enabled can receive and
forward the ARP packets.
- The interfaces without gateway protection enabled discard
the ARP packets.
Figure 1 ARP gateway protection
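
The filtering rule above, modeled as an added example (not vendor code): it reads the sender IP address from a raw ARP frame and decides per ingress interface whether the frame is forwarded or discarded. The interface names, MAC addresses and sample frames are constructed, untagged Ethernet frames are assumed, and "source IP address" is taken to mean the ARP sender protocol address.

```python
import socket
import struct

# Assumed configuration: protected gateway address -> interfaces facing the
# real gateway (interface names are hypothetical).
PROTECTED = {"10.1.1.1": {"GE0/0/1"}}

def build_arp(sender_mac, sender_ip, target_ip, op=2):
    """Build an untagged Ethernet + ARP frame (constructed sample input)."""
    smac = bytes.fromhex(sender_mac.replace(":", ""))
    eth = b"\xff" * 6 + smac + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += smac + socket.inet_aton(sender_ip)
    arp += b"\x00" * 6 + socket.inet_aton(target_ip)
    return eth + arp

def arp_sender_ip(frame):
    """Return the ARP sender IP of an IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None  # too short, or EtherType is not ARP
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None  # not Ethernet/IPv4 ARP
    return socket.inet_ntoa(frame[28:32])  # sender protocol address field

def gateway_protection(ingress_if, frame, protected=PROTECTED):
    """Return 'forward' or 'discard' for a frame arriving on ingress_if."""
    sip = arp_sender_ip(frame)
    if sip is None or sip not in protected:
        return "forward"  # rule does not apply; this model lets the frame through
    # ARP claims the gateway address: only protected interfaces may carry it.
    return "forward" if ingress_if in protected[sip] else "discard"

if __name__ == "__main__":
    samples = [
        ("GE0/0/1", build_arp("00:11:22:33:44:55", "10.1.1.1", "10.1.1.20")),  # real gateway
        ("GE0/0/2", build_arp("66:77:88:99:aa:bb", "10.1.1.1", "10.1.1.20")),  # bogus gateway
        ("GE0/0/3", build_arp("de:ad:be:ef:00:01", "10.1.1.1", "10.1.1.1", 1)),  # misconfigured host
        ("GE0/0/2", build_arp("66:77:88:99:aa:bb", "10.1.1.30", "10.1.1.1", 1)),  # normal host
    ]
    for ifname, frame in samples:
        print(ifname, arp_sender_ip(frame), gateway_protection(ifname, frame))
```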