400
Configuring ARP source suppression
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enable ARP source suppression.
arp source-suppression
enable
Disabled by default.
3. Set the maximum number of unresolvable
packets that the device can receive from a
device in 5 seconds.
arp source-suppression
limit
limit-value
Optional.
10 by default.
Displaying and maintaining ARP source suppression
Task Command Remarks
Display ARP source suppression
configuration information.
display arp source-suppression
[
|
{
begin
|
exclude
|
include
}
regular-expression ]
Available in any view.
Configuration example
Network requirements
As shown in Figure 136, a LAN contains two areas: an R&D area in VLAN 10 and an office area in
VLAN 20. The two areas connect to the gateway (Device) through an access switch respectively.
A large number of ARP requests are detected in the office area and are considered as a
consequence of an IP flood attack. To prevent such attacks, configure ARP source suppression.
Figure 136 Network diagram
IP network
Gateway
Device
R&D Office
VLAN 10 VLAN 20
Host A Host B Host C Host D
ARP attack protection
To Next Page
Loading...
Need help?
General
