4-4
View
System view
Default Level
2: System level
Parameters
None
Description
Use the
arp anti-attack active-ack enable
command to enable the ARP active acknowledgement
function.
Use the
undo arp anti-attack active-ack enable
command to restore the default.
By default, the ARP active acknowledgement function is disabled.
Typically, this feature is configured on gateway devices to identify invalid ARP packets.
With this feature enabled, the gateway, upon receiving an ARP packet with a different source MAC
address from that in the corresponding ARP entry, checks whether the ARP entry has been updated
within the last minute:
z
If yes, the ARP entry is not updated;
z
If not, the gateway sends a unicast request to the source MAC address of the ARP entry.
Then,
z
If a response is received within five seconds, the ARP packet is ignored;
z
If no response is received, the gateway sends a unicast request to the source MAC address of the
ARP packet.
Then,
z
If a response is received within five seconds, the gateway updates the ARP entry;
z
If not, the ARP entry is not updated.
Examples
# Enable the ARP active acknowledgement function.
<Sysname> system-view
[Sysname] arp anti-attack active-ack enable
Source MAC Address Based ARP Attack Detection Configuration
Commands
arp anti-attack source-mac
Syntax
arp anti-attack source-mac
{
filter
|
monitor
}
undo arp anti-attack source-mac
[
filter
|
monitor
]
View
System view
Summary of Contents for E4510-48G
Page 109: ...2 18 Sysname interface bridge aggregation 1 Sysname Bridge Aggregation1 shutdown ...
Page 309: ...6 4 Sysname interface vlan interface 1 Sysname Vlan interface1 ip address dhcp alloc ...
Page 324: ...8 3 Sysname interface vlan interface 1 Sysname Vlan interface1 ip address bootp alloc ...
Page 530: ...2 5 Sysname mvlan 100 subvlan 10 to 15 ...
Page 739: ...8 15 Sysname system view Sysname port security trap addresslearned ...
Page 819: ...13 11 Sysname system view Sysname public key peer key2 import sshkey key pub ...
Page 914: ...5 17 Sysname reset oam ...
Page 1064: ...5 30 Slot 2 Set next configuration file successfully ...
Page 1325: ...21 13 Examples Redirect to member 2 Sysname irf switch to 2 Sysname Slave 2 ...