268
configuration of the information center, see the Network Management and Monitoring Configuration
Guide.
Follow these steps to configure ARP packet rate limit:
Enable ARP packet rate limit
trap
snmp-agent trap enable arp
rate-limit
Optional
Enabled by default.
Set the interval for sending
trap and log messages when
ARP packet rate exceeds the
specified threshold rate
arp rate-limit information
interval seconds
Optional
60 seconds by default.
Enter Layer 2 Ethernet port
view/Layer 2 aggregate
interface view
interface interface-type
interface-number
Configure ARP packet rate
limit
arp rate-limit { disable | rate
pps drop }
Required
Disabled by default..
NOTE:
ï‚· If you enable ARP packet rate limit on a Layer 2 aggregate interface, trap and log messages are sent when the
ARP packet rate of a member port exceeds the preset threshold rate.
ï‚· For more information about the snmp-agent trap enable arp rate-limit command, see the
Network
Management and Monitoring Command Reference
.
Configuring source MAC address based ARP attack
detection
Introduction
This feature allows the switch to check the source MAC address of ARP packets delivered to the CPU. If
the number of ARP packets from a MAC address exceeds a specified threshold within five seconds, the
switch considers this an attack and adds the MAC address to the attack detection table. Before the attack
detection entry is aged out, the switch generates a log message upon receiving an ARP packet sourced
from that MAC address and filters out subsequent ARP packets from that MAC address (in filter mode), or
only generates a log message upon receiving an ARP packet sourced from that MAC address (in monitor
mode).
A gateway or critical server may send a large number of ARP packets. To prevent these ARP packets from
being discarded, you can specify the MAC address of the gateway or server as a protected MAC
address. A protected MAC address is excluded from ARP attack detection even if it is an attacker.
Configuration procedure
Follow these steps to configure source MAC address based ARP attack detection:
To Next Page
Loading...
Need help?
General