373
If you enable ARP packet rate limit on a Layer 2 aggregate interface, trap and log messages are sent
when the ARP packet rate of a member port exceeds the preset threshold rate.
To configure ARP packet rate limit:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enable ARP packet rate limit
trap.
snmp-agent trap enable arp
rate-limit
Optional.
Enabled by default.
For more information, see the
snmp-agent trap enable arp
command in Network Management
and Monitoring Command
Reference.
3. Set the interval for sending
trap and log messages when
ARP packet rate exceeds the
specified threshold rate.
arp rate-limit information interval
seconds
Optional.
60 seconds by default.
4. Enter Layer 2 Ethernet
interface/Layer 2 aggregate
interface view.
interface interface-type
interface-number
N/A
5. Configure ARP packet rate
limit.
arp rate-limit { disable | rate pps
drop }
By default, ARP packet rate limit is
disabled.
Configuring source MAC address based ARP
attack detection
With this feature enabled, the device checks the source MAC address of ARP packets delivered to the
CPU. It detects an attack when one MAC address sends more ARP packets in 5 seconds than the
specified threshold. The device adds the MAC address to the attack detection table.
Before the attack detection entry is aged out, the device uses either of the following detection modes to
respond to the detected attack:
• Monitor mode—Generates a log message.
• Filter mode—Generates a log message and filters out subsequent ARP packets from the attacking
MAC address.
You can also configure protected MAC addresses to exclude a gateway or server from detection. A
protected MAC address is excluded from ARP attack detection even if it is an attacker.
Configuration procedure
To configure source MAC address based ARP attack detection:
Ste
Command
Remarks
1. Enter system view.
system-view N/A
To Next Page
Loading...
Need help?
General
