Forum › Ruijie Cloud › How to Config Anti-ARP Spoofing on Ruijie Cloud?

zhangqiao@ruiji Publish time 2024-4-19 12:07:47

How to Config Anti-ARP Spoofing on Ruijie Cloud?

Application Scenario
A user may connect a small wireless router to a network without authorization and its IP address is the same as the IP address of the gateway, or malicious users impersonate the gateway. As a result, users cannot access the Internet.
Gateway anti-ARP spoofing can block ARP packets from non-trusted interfaces and ensure that the real gateway is not forged, and users can access the Internet normally.
Topology
https://realenet-1301408934.cos.ap-nanjing.myqcloud.com/markdown/material/zhishiku/material/1707370924031%7D/image.png


Principles 1.ARP
Address Resolution Protocol (ARP) can resolve MAC addresses based on IP addresses. The MAC addresses can be used for data forwarding in a LAN. When a MAC address is needed, host A broadcasts an ARP request to all hosts on the network. The ARP request contains IP information. Host B with the IP address same as that in the request responds to host A with its MAC address. After receiving the MAC address of host B, host A records it in its ARP table.
Then, host A will forward data to host B according to the ARP table.
2.Gateway ARP Spoofing
If there are more than one IP address on the network, there is a probability that a wrong MAC address is obtained, resulting in message transmission errors and bringing great security risks.
Gateway ARP spoofing is that the IP address of the gateway is impersonated, causing disconnection of normal network services and malicious interception of user communication.
3.Anti-ARP Spoofing
Switch interfaces block ARP packets that contain the gateway IP address from untrusted interfaces and only the ARP packets from trusted interfaces are forwarded to prevent users from receiving the wrong gateway MAC address.
Enable gateway anti-ARP spoofing on the ports (Gi 0/3 and Gi 0/4 in this example) of the access switch (switch A) that are directly connected to PCs. The gateway address is the intranet gateway address and the intranet server address.
Configuration StepsTab Anti ARP Spoofing under Advanced on Worksapce
https://realenet-1301408934.cos.ap-nanjing.myqcloud.com/markdown/material/zhishiku/material/1707376325526%7D/image.png
Click "Start Config" and go to the configuration interface.
https://realenet-1301408934.cos.ap-nanjing.myqcloud.com/markdown/material/zhishiku/material/1707376380808%7D/image.png
Tab the network segment you need then move to the Protection Zone.
https://realenet-1301408934.cos.ap-nanjing.myqcloud.com/markdown/material/zhishiku/material/1707376461305%7D/image.png
After the Protection Zone set done, you can click icon to select the swicth which you need to deliver this configurations.
https://realenet-1301408934.cos.ap-nanjing.myqcloud.com/markdown/material/zhishiku/material/1707376504881%7D/image.png

View full version: How to Config Anti-ARP Spoofing on Ruijie Cloud?