Displaying And Maintaining Source Mac Address Based Arp Attack Detection; Configuring Arp Packet Rate Limit; Introduction; Configuring The Arp Packet Rate Limit Function - H3C S5120-SI Series Operation Manual

Displaying and Maintaining Source MAC Address Based ARP Attack Detection

To do...
Display attacking entries
detected
A protected MAC address is no longer excluded from detection after the specified aging time expires.

Configuring ARP Packet Rate Limit

Introduction

This feature allows you to limit the rate of ARP packets to be delivered to the CPU.

Configuring the ARP Packet Rate Limit Function

Follow these steps to configure ARP packet rate limit in Ethernet interface view:
To do...
Enter system view
Enter Ethernet interface
view
Configure ARP packet
rate limit

Configuring ARP Detection

For information about DHCP snooping, refer to DHCP Configuration.
For information about 802.1X, refer to 802.1X Configuration.

Introduction to ARP Detection

The ARP detection feature allows only the ARP packets of authorized clients to be forwarded, hence
preventing man-in-the-middle attacks.
Use the command...
display arp anti-attack source-mac
[ interface interface-type interface-number ]
Use the command...
system-view
interface interface-type
interface-number
arp rate-limit { disable | rate
pps drop }
2-3
Available in any
view
Remarks
—
—
Required
By default, the ARP packet rate limit
is not enabled
Remarks