2-12 ARP Attack Defense ConfigurationWhen configuring ARP attack defense, go to these sections for information you are interested in:z Configuring ARP Source Suppressionz Configuring ARP Active Acknowledgementz Configuring Source MAC Address Based ARP Attack Detectionz Configuring ARP Packet Source MAC Address Consistency Checkz Configuring ARP Packet Rate Limitz Configuring ARP DetectionAlthough ARP is easy to implement, it provides no security mechanism and thus is prone to networkattacks. An attacker can sendz ARP packets by acting as a trusted user or gateway. As a result, the receiving device obtainsincorrect ARP entries, and thus a communication failure occurs.z A large number of IP packets with unreachable destinations. As a result, the receiving devicecontinuously resolves destination IP addresses and thus its CPU is overloaded.z A large number of ARP packets to bring a great impact to the CPU.For details about ARP attack features and types, refer to ARP Attack Protection Technology WhitePaper.Currently, ARP attacks and viruses are threatening LAN security. The device can provide multiplefeatures to detect and prevent such attacks. This chapter mainly introduces these features.ARP Attack Defense Configuration Task ListComplete the following tasks to configure ARP attack defense:Task RemarksConfiguring ARP Source Suppression OptionalConfigure this function on gateways (recommended).Configuring ARP Active Acknowledgement OptionalConfigure this function on gateways (recommended).Configuring Source MAC Address BasedARP Attack DetectionOptionalConfigure this function on gateways (recommended).Configuring ARP Packet Source MACAddress Consistency CheckOptionalConfigure this function on gateways (recommended).Configuring ARP Packet Rate Limit OptionalConfigure this function on gateways (recommended).Configuring ARP DetectionOptionalConfigure this function on access devices(recommended).