Table of Contents
Advertisement
Default Level
2: System level
Parameters
filter: Specifies the filter mode.
monitor: Specifies the monitor mode.
Description
Use the arp anti-attack source-mac command to enable source MAC address based ARP attack
detection and specify the detection mode.
Use the undo arp anti-attack source-mac command to restore the default.
By default, source MAC address based ARP attack detection is disabled.
After you enable this feature, the device checks the source MAC address of ARP packets received
from the VLAN. If the number of ARP packets received from a source MAC address within five
seconds exceeds the specified threshold:
In filter detection mode, the device displays an alarm and filters out the ARP packets from the
MAC address.
In monitor detection mode, the device only displays an alarm.
Note that: If no detection mode is specified in the undo arp anti-attack source-mac command, both
detection modes are disabled.
Examples
# Enable filter-mode source MAC address based ARP attack detection
<Sysname> system-view
[Sysname] arp anti-attack source-mac filter
arp anti-attack source-mac aging-time
Syntax
arp anti-attack source-mac aging-time time
undo arp anti-attack source-mac aging-time
View
System view
Default Level
2: System level
Parameters
time: Aging timer for protected MAC addresses, in the range of 60 to 6000 seconds.
Description
Use the arp anti-attack source-mac aging-time command to configure the aging timer for protected
MAC addresses.
Use the undo arp anti-attack source-mac aging-time command to restore the default.
4-5
Advertisement
Chapters
Table of Contents
