Gather HWS7703 - G2/0/3 - -- -- -- -- -- -- -- G1/0/28 access H3C5560-1. Host
2. Monitor the NVR
3. Small exchange - host
A, gathering switch made some ARP attack prevention strategies: ARP anti - attack gateway - duplicate enable
Arp anti - attack gratuitous arp drop -
Arp anti - attack packet - check the sender - MAC
Arp anti - attack check user - bind alarm threshold 20
MAC - address update arp
Arp - miss speed - limit the source - IP maximum 10
View the gathering log, have come in from G2/0/3 interface alarm information about the ARP
Two, access switches on the configuration of the only two vlans, divided into upstream interface TRUNK release the two VLAN
Three, access to the host fault phenomenon: ping convergence gateway, in part of the host network drops very frequent, about 10 minutes away again, don't do any operating conditions, about three or four minutes
Automatically connected again, if appear a time out to restart immediately inside the network adapter or CMD gateway under static binding, then you can immediately restore and gateway communication, at the time of time out, check the host ARP table, found that there is no gateway ARP table entries, static binding gateway, ping the host almost ten minutes will drop again, dropped the gateway of the ARP table items disappear, after it three or four minutes later restore communications, ARP - a view that has the gateway of the ARP table, dynamic, and the process continues,
ARP table which is full of learning from G2/0/3 interface to IP, imcomplete are not the real IP access switches under this
Caught software caught in the
26.35.33.77 for this host IP
26.35.33.254 to converge gateway IP
Other IP addresses are not within the LAN host IP address
And the host ping gateway time out, you can find the host 26.35.33.77 many requests the gateway of the request, but are not gateway response, but at the same time,
The host has received a lot of the broadcast request invalid IP broadcasts, this phenomenon can be judged as ARP flood attack? How to defense?
