Configuration Guide NFPP Configuration
rate-limit threshold. When the ARP packet rate exceeds the warning threshold,
it will prompt the warning messages and send the TRAP message. The
host-based attack detection can isolate the attack source.
Besides, ARP-guard is able to detect the ARP scan. ARP scan is that the
source MAC address on link layer is fixed while the source IP address is
changing, or the source MAC address and source IP address are fixed while the
destination IP address is changing. Ruijie products only support to detect the
first ARP scan (the source MAC address on link layer is fixed while the source
IP address is changing).
It is worth mentioning that ARP-guard is only for the ARP DoS attack, rather
than ARP fraud or dealing with the ARP attack problems in the network.
ARP-guard configuration commands include:
Enabling arp-guard
Configuring the isolated time
Configuring the monitored time
Configuring the monitored host limit
Host-based rate-limit and attack detection
Port-based rate-limit and attack detection
Clearing the monitored hosts
Clearing the ARP scanning list
Showing related arp-guard information
Enabling ARP-guard
You can enable arp-guard in the nfpp configuration mode or in the interface
configuration mode. By default, the arp-guard is enabled.
To Next Page
Loading...
