377
Step Command Remarks
5. Configure ARP packet rate
limit.
arp rate-limit { disable | rate pps
drop }
By default, ARP packet rate limit is
disabled.
Configuring source MAC address based ARP
attack detection
With this feature enabled, the device checks the source MAC address of ARP packets delivered to the
CPU. It detects an attack when one MAC address sends more ARP packets in 5 seconds than the
specified threshold. The device adds the MAC address to the attack detection table.
Before the attack detection entry is aged out, the device uses either of the following detection modes to
respond to the detected attack:
• Monitor mode—Generates a log message.
• Filter mode—Generates a log message and filters out subsequent ARP packets from the attacking
MAC address.
You can also configure protected MAC addresses to exclude a gateway or server from detection. A
protected MAC address is excluded from ARP attack detection even if it is an attacker.
Configuration procedure
To configure source MAC address based ARP attack detection:
Ste
Command
Remarks
1. Enter system view.
system-view N/A
2. Enable source MAC address
based ARP attack detection
and specify the detection
mode.
arp anti-attack source-mac { filter |
monitor }
Disabled by default.
3. Configure the threshold.
arp anti-attack source-mac threshold
threshold-value
Optional.
50 by default.
4. Configure the age timer for
ARP attack detection entries.
arp anti-attack source-mac aging-time time
Optional.
300 seconds by default.
5. Configure protected MAC
addresses.
arp anti-attack source-mac exclude-mac
mac-address&<1-10>
Optional.
Not configured by
default.
NOTE:
fter an ARP attack detection entry expires, ARP packets sourced from the MAC address in the entry can
be processed normally.
To Next Page
Loading...
Need help?
General