Displaying and Maintaining Source MAC Address Based ARP Attack Detection
To do...
Display attacking entries
detected
A protected MAC address is no longer excluded from detection after the specified aging time expires.
Configuring ARP Packet Rate Limit
Introduction
This feature allows you to limit the rate of ARP packets to be delivered to the CPU.
Configuring the ARP Packet Rate Limit Function
Follow these steps to configure ARP packet rate limit in Ethernet interface view:
To do...
Enter system view
Enter Ethernet interface
view
Configure ARP packet
rate limit
Configuring ARP Detection
For information about DHCP snooping, refer to DHCP Configuration.
For information about 802.1X, refer to 802.1X Configuration.
Introduction to ARP Detection
The ARP detection feature allows only the ARP packets of authorized clients to be forwarded, hence
preventing man-in-the-middle attacks.
Use the command...
display arp anti-attack source-mac
[ interface interface-type interface-number ]
Use the command...
system-view
interface interface-type
interface-number
arp rate-limit { disable | rate
pps drop }
2-3
Available in any
view
Remarks
—
—
Required
By default, the ARP packet rate limit
is not enabled
Remarks