3-3
z If an ARP reply is received within five seconds, the gateway updates the ARP entry;
z If not, the ARP entry is not updated.
Configuring the ARP Active Acknowledgement Function
Follow these steps to configure ARP active acknowledgement:
To do… Use the command… Remarks
Enter system view
system-view
—
Enable the ARP active
acknowledgement function
arp anti-attack active-ack enable
Required
Disabled by default.
Configuring Source MAC Address Based ARP Attack Detection
Introduction
This feature allows the device to check the source MAC address of ARP packets. If the number of ARP
packets sent from a MAC address within five seconds exceeds the specified value, the device
considers this an attack.
Only the ARP packets delivered to the CPU are detected.
Configuration Procedure
Enabling source MAC address based ARP attack detection
After this feature is enabled for a device, if the number of ARP packets it receives from a MAC address
within five seconds exceeds the specified value, it generates an alarm and filters out ARP packets
sourced from that MAC address (in filter mode), or only generates an alarm (in monitor mode).
Follow these steps to configure source MAC address based ARP attack detection:
To do… Use the command… Remarks
Enter system view
system-view
—
Enable source MAC address
based ARP attack detection
and specify the detection mode
arp anti-attack source-mac { filter |
monitor }
Required
Disabled by default.
Configuring protected MAC addresses
A protected MAC address is excluded from ARP attack detection even though it is an attacker. You can
specify certain MAC addresses, such as that of a gateway or important servers, as protected MAC
addresses.
To Next Page
Loading...
Need help?
General