336
Displaying and maintaining source MAC address based ARP
attack detection
To do… Use the command…
Remarks
Display attacking MAC addresses detected
by source MAC address based ARP attack
detection
display arp anti-attack source-mac
{ slot slot-number | interface
interface-type interface-number } [ |
{ begin | exclude | include }
regular-expression ]
Available in any
view
Source MAC address based ARP attack detection
configuration example
Network requirements
As shown in Figure 127, the hosts access the Internet through a gateway (Device). If malicious users send
a large number of ARP requests to the gateway, the gateway may crash and cannot process requests
from the clients. To solve this problem, configure source MAC address based ARP attack detection on the
gateway.
Figure 127 Network diagram
IP network
Gateway
Device
Host A Host B Host C Host D
ARP attack protection
Server
0012-3f86-e94c
Configuration considerations
An attacker may forge a large number of ARP packets by using the MAC address of a valid host as the
source MAC address. To prevent such attacks, configure the gateway in the following steps.
• Enable source MAC address based ARP attack detection and specify the filter mode.
• Set the threshold.
• Set the age timer for detection entries.
To Next Page
Loading...
Need help?
General