3Com Switch 8800 Configuration Guide
Chapter 12 ARP Configuration
12-4
12.3 Displaying and Debugging ARP
After the above configuration, execute the
display
command in any view to display the
running of the ARP configuration, and to verify the effect of the configuration.
Execute the
reset
command in user view to clear ARP mapping table. Execute the
debugging
command in user view to debug ARP configuration.
Table 12-4
Display and debug ARP
Operation
Command
Display ARP mapping table
display arp
[
ip
-
address
| [
dynamic
|
static
]
[ | {
begin
|
include
|
exclude
}
text
] ]
Display the current setting of the
dynamic ARP aging timer
display arp timer aging
Reset ARP mapping table
reset
arp
[
dynamic
|
static
|
interface
{
interface_type
interface_num
|
interface_name
} |
all
]
Enable ARP information debugging
debugging arp
{
error
|
info
|
packet
}
Disable ARP information
debugging
undo debugging arp
{
error
|
info
|
packet
}
12.4 Enabling/Disabling the Scheme of Preventing Attack
from Packets
12.4.1 Introduction to the Scheme of Preventing Attack from Packets
A scheme of preventing attack from packets is designed against some typical attack
modes on the 8800 series switches. The scheme can prevent attacks from IP, ARP,
802.1x and unknown multicast packets.
z
IP packet attack: Means that a Switch 8800 receives too many IP packets whose
destination addresses and VLAN port address are in the same segment. The
switch has no corresponding forwarding entries for the packets, therefore they are
sent to the CPU, occupying lots of CPU resource and even affecting normal data
forwarding.
z
ARP packet attack: Means that a Switch 8800 receives lots of ARP request
packets with the same or similar source media access control (MAC) addresses,
affecting normal ARP learning.
z
802.1x packet attack: Means that a Switch 8800 receives lots of 802.1x
authentication packets with the same or similar source MAC addresses,
consequently occupying the CPU resources.
Perform the following configuration in system view.