Configuration considerations
If the attack packets have the same source address, you can enable the ARP source suppression
function as follows:
1. Enable ARP source suppression.
2. Set the threshold to 100. If the number of unresolvable IP packets received from a host within 5
seconds exceeds 100, the device stops resolving packets from the host until the 5 seconds
elapse.
Configuration procedure
# Enable ARP source suppression and set the threshold to 100.
<Device> system-view
[Device] arp source-suppression enable
[Device] arp source-suppression limit 100
Configuring source MAC-based ARP attack detection
This feature counts the ARP packets received from the same source MAC address within 5
seconds and compares the count against a configured threshold. If the threshold is exceeded, the
device adds the MAC address to an ARP attack entry.
Before the entry is aged out, the device handles the attack by using either of the following methods:
• Monitor—Generates log messages.
• Filter—Generates log messages and filters out subsequent ARP packets from that MAC
address.
After an ARP attack detection entry expires, ARP packets sourced from the MAC address in the
entry can be processed correctly.
You can exclude the MAC addresses of some gateways and servers from detection. This feature
does not inspect ARP packets from those devices even if they are attackers.
To configure source MAC-based ARP attack detection:
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Enable source MAC-based ARP attack detection and specify the handling method.
    Command: arp anti-attack source-mac { filter | monitor }
    Remarks: Disabled by default.
Step 3. Configure the threshold.
    Command: arp anti-attack source-mac threshold threshold-value
    Remarks: Optional.
Step 4. Configure the lifetime for ARP attack entries.
    Command: arp anti-attack source-mac aging-time time
    Remarks: Optional. 300 seconds by default.
Step 5. Configure excluded MAC addresses.
    Command: arp anti-attack source-mac exclude-mac mac-address&<1-n>
    Remarks: Optional. No MAC address is excluded by default. The value range for n is 1 to 64.
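The detection behaviour described above (5-second counting window, threshold, attack entry with an aging time, monitor versus filter handling, and the exclude-mac list capped at 64 entries) can be modelled in a few dozen lines. The following Python model is an added example written for this page; it is not vendor code and does not reproduce the device's internal implementation. The MAC addresses, the threshold of 3 and the timestamps are constructed values, and the choice to drop the packet that first crosses the threshold in filter mode is a modelling assumption.

```python
"""Model of source MAC-based ARP attack detection (added example, not vendor code)."""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

WINDOW_SECONDS = 5   # the page counts packets per source MAC within 5 seconds
MAX_EXCLUDED = 64    # exclude-mac accepts 1 to 64 addresses


@dataclass
class AttackEntry:
    created: float
    expires: float


@dataclass
class SourceMacArpDetector:
    """Mirrors 'arp anti-attack source-mac { filter | monitor }' and its
    threshold, aging-time and exclude-mac parameters."""
    mode: str                                   # "filter" or "monitor"
    threshold: int                              # arp anti-attack source-mac threshold <n>
    aging_time: int = 300                       # aging-time <s>; 300 seconds by default
    excluded: Set[str] = field(default_factory=set)
    logs: List[str] = field(default_factory=list)
    _counters: Dict[str, Tuple[float, int]] = field(default_factory=dict)  # mac -> (window start, count)
    _entries: Dict[str, AttackEntry] = field(default_factory=dict)         # mac -> attack entry

    def __post_init__(self) -> None:
        if self.mode not in ("filter", "monitor"):
            raise ValueError("mode must be 'filter' or 'monitor'")

    def exclude(self, mac: str) -> None:
        """Add a MAC address (a gateway or server) that is never inspected."""
        if len(self.excluded) >= MAX_EXCLUDED:
            raise ValueError("exclude-mac list holds at most 64 addresses")
        self.excluded.add(mac.lower())

    def process(self, mac: str, now: float) -> str:
        """Handle one ARP packet sourced from mac at time now (seconds).
        Returns 'forwarded' or 'dropped'."""
        mac = mac.lower()
        if mac in self.excluded:
            return "forwarded"                  # excluded addresses bypass detection entirely
        entry = self._entries.get(mac)
        if entry is not None:
            if now >= entry.expires:
                # Entry aged out: packets from this MAC are processed normally again.
                del self._entries[mac]
                self._counters.pop(mac, None)
            else:
                # Active entry: filter drops subsequent packets, monitor only logs.
                return "dropped" if self.mode == "filter" else "forwarded"
        start, count = self._counters.get(mac, (now, 0))
        if now - start >= WINDOW_SECONDS:
            start, count = now, 0               # start a fresh 5-second window
        count += 1
        self._counters[mac] = (start, count)
        if count > self.threshold:
            self._entries[mac] = AttackEntry(now, now + self.aging_time)
            self.logs.append(
                f"t={now:.0f}s ARP attack detected from {mac}: {count} packets in "
                f"{WINDOW_SECONDS}s exceeds threshold {self.threshold} (mode={self.mode})")
            # Modelling assumption: the packet that crosses the threshold is itself filtered.
            return "dropped" if self.mode == "filter" else "forwarded"
        return "forwarded"

    def attack_entries(self) -> List[str]:
        return sorted(self._entries)


def run_demo() -> dict:
    """Constructed scenario: a chatty host trips a threshold of 3 while a gateway is excluded."""
    det = SourceMacArpDetector(mode="filter", threshold=3)
    gateway = "00e0-fc00-0001"                  # constructed placeholder MAC
    attacker = "000f-e200-0001"                 # constructed placeholder MAC
    det.exclude(gateway)
    verdicts = [det.process(attacker, t) for t in (0, 1, 2, 3, 4)]
    entries = det.attack_entries()              # captured while the entry is active
    after_aging = det.process(attacker, 303)    # entry created at t=3 expires at t=303
    gateway_ok = all(det.process(gateway, t) == "forwarded" for t in range(100))
    return {"verdicts": verdicts, "entries_during_attack": entries,
            "after_aging": after_aging, "gateway_all_forwarded": gateway_ok,
            "logs": list(det.logs)}


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

In the scenario, the first three packets are forwarded, the fourth exceeds the threshold and creates a 300-second attack entry, packets are dropped until that entry ages out, and the excluded gateway is never counted. Switching the mode to `monitor` keeps every packet flowing but still records the log message and the attack entry.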