623
Parameters
filter
: Specifies the filter handling method.
monitor
: Specifies the monitor handling method.
Usage guidelines
Configure this feature on the gateways.
This feature checks the number of ARP packets delivered to the CPU. If the number of packets from
the same MAC address within 5 seconds exceeds a threshold, the device generates an ARP attack
entry for the MAC address. Before the entry ages out, the device handles the attack by using either
of the following methods:
•
Monitor
—Only generates log messages.
•
Filter
—Generates log messages and filters out subsequent ARP packets from the MAC
address.
Make sure you have enabled the ARP logging feature before enabling the source MAC-based ARP
attack detection feature. For information about the ARP logging feature, see
Layer 3—IP Services
Configuration Guide
.
If you do not specify any handling method in the
undo arp source-mac
command, the command
disables this feature.
Examples
# Enable the source MAC-based ARP attack detection feature and specify the filter handling method.
<Sysname> system-view
[Sysname] arp source-mac filter
arp source-mac aging-time
Use
arp source-mac aging-time
to set the aging time for ARP attack entries.
Use
undo arp source-mac aging-time
to restore the default.
Syntax
arp source-mac aging-time time
undo arp source-mac aging-time
Default
The aging time for ARP attack entries is 300 seconds.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
time
: Sets the aging time for ARP attack entries, in the range of 60 to 6000 seconds.
Examples
# Set the aging time for ARP attack entries to 60 seconds.
<Sysname> system-view
[Sysname] arp source-mac aging-time 60