ARP Configuration
12.2.4 Configuring ARP Packet Source MAC
Address Consistency Check
This feature enables a gateway device to filter out ARP packets with a source MAC
address in the Ethernet header different from the sender MAC address in the message body,
so that the gateway device can learn correct ARP entries.
By default, system disables gateway spoofing.
Table 12-2 Configure ARP Packet Source MAC Address Consistency Check
Enter global configuration mode
arp anti-spoofing valid-check
Configure ARP Packet Source MAC
Address Consistency Check
copy running-config
startup-config
save modified configuration
12.2.5 Configuring Default of Anti-Spoofing
Table 12-3 Configure default of anti-spoofing
Configure ARP Packet Source MAC Address
Consistency Check
arp anti-spoofing unknown {diacard | flood}
12.2.6 Displaying and Maintain Anti-Spoofing
Table 12-4 Configure default of anti-spoofing
Display the status of anti-spoofing
show mac-address-table blackhole
Display users whether add into black hole
12.3 Configuring against ARP Flood
12.3.1 ARP Flood
Flood attacks are based on the principle of the general flow of a large number of attack
packets in the network equipment such as routers, switches, and servers, leading to depletion
To Next Page
Loading...
Need help?
General
