| Step | Command | Remarks |
|---|---|---|
| 3. Set the maximum number of packets with the same source IP address but unresolvable destination IP addresses that the device can receive in 5 consecutive seconds. | arp source-suppression limit limit-value | Optional. 10 by default. |
Enabling ARP black hole routing
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enable ARP black hole routing. | arp resolving-route enable | Optional. Enabled by default. |
Displaying and maintaining ARP defense against IP packet attacks

| Task | Command | Remarks |
|---|---|---|
| Display ARP source suppression configuration information. | display arp source-suppression [ \| { begin \| exclude \| include } regular-expression ] | Available in any view |
Configuration example
Network requirements
As shown in Figure 116, a LAN contains two areas: an R&D area in VLAN 10 and an office area in VLAN
20. The two areas connect to the gateway (Device) through an access switch.
A large number of ARP requests are detected in the office area and are considered to be the result of an IP flood attack. To prevent such attacks, configure ARP source suppression and ARP black hole routing.
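
The following Python sketch is an added example, not part of the original guide: it models how the `arp source-suppression limit` threshold would treat a flooding office-area host next to a normal R&D host, so the effect of a chosen limit-value can be checked before deployment. The fixed 5-second windows, the function names, and all IP addresses are assumptions made for illustration; timestamps are in milliseconds.

```python
from collections import defaultdict

WINDOW_MS = 5000     # "5 consecutive seconds", from the table above
DEFAULT_LIMIT = 10   # default limit-value stated in the guide

def apply_source_suppression(packets, resolvable, limit=DEFAULT_LIMIT):
    """Count, per source IP, packets that trigger ARP resolution vs. are suppressed.

    packets    -- time-ordered (timestamp_ms, src_ip, dst_ip) tuples
    resolvable -- destination IPs the gateway can already resolve
    Assumption: each source gets fixed 5 s windows that start at its first
    unresolvable packet; real devices may align windows differently.
    """
    window_start = {}
    window_count = defaultdict(int)
    stats = defaultdict(lambda: {"triggered": 0, "suppressed": 0})
    for ts, src, dst in packets:
        if dst in resolvable:
            continue  # resolvable destination: not counted against the limit
        if src not in window_start or ts - window_start[src] >= WINDOW_MS:
            window_start[src] = ts   # open a new window for this source
            window_count[src] = 0
        window_count[src] += 1
        key = "triggered" if window_count[src] <= limit else "suppressed"
        stats[src][key] += 1
    return {src: dict(counts) for src, counts in stats.items()}

def build_sample_traffic():
    """Constructed sample input (addresses are hypothetical, not from the guide)."""
    resolvable = {"10.1.1.1"}
    packets = []
    # Office-area host (VLAN 20): one packet every 25 ms for 10 s, all to
    # destinations the gateway cannot resolve.
    for i in range(400):
        packets.append((i * 25, "10.1.2.50", f"10.1.2.{200 + i % 50}"))
    # R&D host (VLAN 10): three lookups for an offline neighbor plus normal traffic.
    for ts in (1000, 4000, 8000):
        packets.append((ts, "10.1.1.20", "10.1.1.99"))
    for ts in (500, 2500):
        packets.append((ts, "10.1.1.20", "10.1.1.1"))
    return sorted(packets), resolvable

if __name__ == "__main__":
    traffic, known = build_sample_traffic()
    for limit in (DEFAULT_LIMIT, 100):
        print(limit, apply_source_suppression(traffic, known, limit))
```

In this constructed traffic the R&D host never reaches the default limit, while the office host is cut to the limit in each 5-second window; raising the limit admits proportionally more unresolvable packets from the same source.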