Displaying And Maintaining Source Mac Address Based Arp Attack Detection; Configuring Arp Packet Rate Limit; Introduction; Configuring The Arp Packet Rate Limit Function - H3C S5120-SI Series Configuration Manual

Configuring protected MAC addresses
You can specify certain MAC addresses, such as that of a gateway or important servers, as protected
MAC addresses. A protected MAC address is excluded from ARP attack detection. It will not trigger an
alarm or filtering even when it sends more ARP packets than the specified threshold.
To configure protected MAC addresses:
To do...
1. Enter system view
2. Configure protected MAC
addresses
Configuring the aging timer for protected MAC addresses
When its aging timer expires, a protected MAC address stops being protected.
To configure the aging timer for protected MAC addresses:
To do...
1. Enter system view
2. Configure aging timer for
protected MAC addresses
.
Displaying and maintaining source MAC address based ARP
attack detection
To do...
Display attacking entries detected

Configuring ARP packet rate limit

Introduction

This feature allows you to limit the rate of ARP packets to be delivered to the CPU.

Configuring the ARP packet rate limit function

To configure ARP packet rate limit in Ethernet interface view:
Use the command...
system-view
arp anti-attack source-mac
exclude-mac mac-address&<1-
10>
Use the command...
system-view
arp anti-attack source-mac
aging-time time
Use the command...
display arp anti-attack source-mac [
interface interface-type interface-number ]
20
Remarks
—
Optional
Not configured by default.
Remarks
—
Optional
Five minutes by default.
Remarks
Available in any
view