402
Displaying and maintaining source MAC-based ARP attack
detection
Task Command Remarks
Display attacking MAC addresses
detected by source MAC-based
ARP attack detection.
display arp anti-attack source-mac
[
interface
interface-type
interface-number
] [
|
{
begin
|
exclude
|
include
} regular-expression ]
Available in any view.
Source MAC-based ARP attack detection configuration
example
Network requirements
As shown in Figure 137, the hosts access the Internet through a gateway (Device). If malicious users
send a large number of ARP requests to the gateway, the gateway might crash and cannot process
requests from the clients. To solve this problem, configure source MAC-based ARP attack detection
on the gateway.
Figure 137 Network diagram
Configuration considerations
An attacker might forge a large number of ARP packets by using the MAC address of a valid host as
the source MAC address. To prevent such attacks, configure the gateway as follows:
1. Enable source MAC-based ARP attack detection and specify the handling method.
2. Set the threshold.
3. Set the lifetime for ARP attack entries.
4. Exclude the MAC address of the server from this detection.
IP network
Gateway
Device
Host A Host B Host C Host D
ARP attack protection
Server
0012-3f86-e94c
To Next Page
Loading...
Need help?
General
