Task
Display ARP source suppression configuration information.
Configuration example
Network requirements
As shown in
20. Each area connects to the gateway (Device) through an access switch.
A large number of ARP requests are detected in the office area and are considered as the consequence
of an unresolvable IP attack. To prevent the attack, configure ARP source suppression or ARP blackhole
routing.
Figure 111 Network diagram
Configuration procedure
If the attack packets have the same source address, configure ARP source suppression:
•
# Enable ARP source suppression.
<Device> system-view
[Device] arp source-suppression enable
# Allow the device to receive a maximum of 100 unresolvable packets from a host in 5 seconds.
[Device] arp source-suppression limit 100
If the attack packets have different source addresses, configure ARP blackhole routing:
•
# Enable ARP blackhole routing.
[Device] arp resolving-route enable
Figure 1 1
1, a LAN contains two areas: an R&D area in VLAN 10 and an office area in VLAN
Command
display arp source-suppression
359