Got it

Preventing from arp spoofing on HG8546M routers

Latest reply: Jul 10, 2018 04:01:03 1638 4 0 0 0
Someone on my network is using arp spoofing. How can I prevent arp spoofing on my network?
  • x
  • convention:

w1
Created May 15, 2018 22:28:59

Suggest to check the product documentation, seems like there is not such feature:

http://support.huawei.com/hedex/hdx.do?docid=DOC1000450412&lang=en&id=library_change_preview&from=HedExLite
View more
  • x
  • convention:

WheatGrass
Created May 16, 2018 05:44:05

  • x
  • convention:

andsta
Created Jun 27, 2018 09:05:10

Hello,
You can try to implement a Dynamic ARP Inspection or DAI to protect against ARP spoofing. Before configuring DAI you should know that this involves having a DHCP server and also having DHCP snooping enabled.
DAI basically make routers create a table of IP address-MAC address-corresponding port bindings, called DHCP Snooping Binding Table. Therefore when a device connects to the network and ask for an IP address from the DHCP server, the Binding Table will update automatically. As an example, let's say that your device is connected to the network with the IP address A from the switch port x (the Layer-2 port you are connected to the router) and the MAC address B. The DHCP Snooping Binding Table of the router will record the combination of A-B-x (IP-MAC-port), so if your device sends a packet, it will be checked with the Binding Table. This means that the packet coming from the switch port x is accepted if and only if the IP address is A and the MAC address is B.
In case of ARP spoofing attacks, you send packets with different IP/MAC addresses from switch port x. Since there is no binding in the DHCP Snooping Binding Table with this combination, your packet is rejected by the router. Therefore, you cannot perform an ARP poisoning attack.
For the configuration procedure please refer to the following link (chapter 9.5.2: Configuring DAI): http://support.huawei.com/enterprise/docinforeader!loadDocument1.action?contentId=DOC1000027475&partNo=10122#dc_cfg_ARP_SEC_0019
View more
  • x
  • convention:

joshuaxiv
Created Jul 10, 2018 04:01:03

Hi Parash;

Please see this link. It might help you with your problem. It contains the ARP Configuration Examples of your router.
https://mega.nz/#!DIh1WZha!okfeC2MM2tNfu0DFOGMbwA3paHu1fCw8msdpR7-u7nA

Like if its helpful This post was last edited by joshuaxiv at 2018-07-10 04:09.
View more
  • x
  • convention:

Comment

You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.
Information Protection Guide
Thanks for using Huawei Enterprise Support Community! We will help you learn how we collect, use, store and share your personal information and the rights you have in accordance with Privacy Policy and User Agreement.