(Optional) Configuring the Alarm Function for Discarded Man-in-the-Middle Attack and IP/MAC Address Spoofing Packets

By configuring the function described in this section, you can have an alarm generated when a specified number of man-in-the-middle attack and IP/MAC address spoofing packets are discarded.

Context

After packet check is enabled, the device compares each received Address Resolution Protocol (ARP) or IP packet against the Dynamic Host Configuration Protocol (DHCP) snooping binding table. A packet that does not match any entry is treated as a man-in-the-middle attack or IP/MAC address spoofing packet and is discarded. With the function described in this section configured, an alarm is generated when the number of discarded packets reaches a specified threshold.
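The following Python sketch is an added illustration, not part of the original documentation or of the device software. It models the behavior described above: packets with no matching binding entry are discarded, and an alarm is recorded when the discard count reaches the threshold. The binding fields, the class and function names, and all sample values are assumptions made for the example.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:  # one binding-table entry; the field set is an assumption
    ip: str
    mac: str
    vlan: int
    interface: str

class SnoopingChecker:
    """Hypothetical model: discard unmatched packets, alarm at a threshold."""

    def __init__(self, bindings, thresholds):
        self.bindings = set(bindings)
        self.thresholds = thresholds  # {(vlan, "arp" | "ip"): threshold}
        self.discards = Counter()
        self.alarms = []

    def check(self, kind, ip, mac, vlan, interface):
        """Return True if the packet is forwarded, False if discarded."""
        if Binding(ip, mac.lower(), vlan, interface) in self.bindings:
            return True
        key = (vlan, kind)
        self.discards[key] += 1
        # Alarm when the discard count reaches the threshold. Firing only
        # once (no re-arm or counter reset) is a simplification of this model.
        if self.discards[key] == self.thresholds.get(key):
            self.alarms.append(f"vlan {vlan}: {self.discards[key]} {kind} packets discarded")
        return False

# Constructed sample data: documentation IP range, made-up MACs and port names.
BINDINGS = [
    Binding("192.0.2.10", "00:00:5e:00:53:0a", 10, "port1"),
    Binding("192.0.2.11", "00:00:5e:00:53:0b", 10, "port2"),
]

def run_demo():
    checker = SnoopingChecker(BINDINGS, {(10, "arp"): 3})
    # Legitimate ARP from the bound host (MAC case differs, still matches).
    results = [checker.check("arp", "192.0.2.10", "00:00:5E:00:53:0A", 10, "port1")]
    # The host on port2 claims 192.0.2.10 with its own MAC: no entry matches.
    for _ in range(4):
        results.append(checker.check("arp", "192.0.2.10", "00:00:5e:00:53:0b", 10, "port2"))
    return checker, results

if __name__ == "__main__":
    checker, results = run_demo()
    print(results, dict(checker.discards), checker.alarms)
```

In the model, separate counters per packet type mirror the { arp | ip } keyword of the alarm commands, so ARP and IP discards are counted against their own thresholds.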

Configure the alarm function for discarded man-in-the-middle attack and IP/MAC address spoofing packets in a VLAN, bridge domain (BD), or interface view.

Procedure

  • Configure the alarm function for discarded man-in-the-middle attack and IP/MAC address spoofing packets in a VLAN view.
    1. Run system-view

      The system view is displayed.

    2. Run vlan vlan-id

      The VLAN view is displayed.

    3. Run dhcp snooping alarm { arp | ip } enable [ interface interface-type interface-number ]

      The alarm function for discarded man-in-the-middle attack and IP/MAC address spoofing packets is enabled for the VLAN.

    4. Run dhcp snooping alarm { arp | ip } threshold threshold [ interface interface-type interface-number ]

      The alarm threshold for the number of discarded packets is configured for the VLAN.

    5. Run commit

      The configuration is committed.

  • Configure the alarm function for discarded man-in-the-middle attack and IP/MAC address spoofing packets in a BD view.
    1. Run system-view

      The system view is displayed.

    2. Run bridge-domain bd-id

      The BD view is displayed.

    3. Run dhcp snooping alarm { arp | ip } enable

      The alarm function is enabled for discarded man-in-the-middle attack and IP/MAC address spoofing packets in the BD view.

    4. Run commit

      The configuration is committed.

  • Configure the alarm function for discarded man-in-the-middle attack and IP/MAC address spoofing packets in an interface view.
    1. Run system-view

      The system view is displayed.

    2. Run interface interface-type interface-number

      The interface view is displayed.

    3. Run dhcp snooping alarm { arp | ip } enable

      The alarm function for discarded man-in-the-middle attack and IP/MAC address spoofing packets is enabled for the interface.

    4. Run dhcp snooping alarm { arp | ip } threshold threshold-value

      The alarm threshold for the number of discarded packets is configured for the interface.

    5. Run commit

      The configuration is committed.

Copyright © Huawei Technologies Co., Ltd.