Configuration Procedure - H3C S5120-SI Series Configuration Manual

Configuration Procedure

Enabling source MAC address based ARP attack detection
After this feature is enabled for a device, if the number of ARP packets it receives from a MAC address
within five seconds exceeds the specified value, it generates an alarm and filters out ARP packets
sourced from that MAC address (in filter mode), or only generates an alarm (in monitor mode).
Follow these steps to configure source MAC address based ARP attack detection:
To do...
Enter system view
Enable source MAC address
based ARP attack detection
and specify the detection mode
Configuring protected MAC addresses
A protected MAC address is excluded from ARP attack detection even though it is an attacker. You can
specify certain MAC addresses, such as that of a gateway or important servers, as protected MAC
addresses.
Follow these steps to configure protected MAC addresses:
To do...
Enter system view
Configure protected MAC
addresses
Configuring the aging timer for protected MAC addresses
Follow these steps to configure the aging timer for protected MAC addresses:
To do...
Enter system view
Configure aging timer for
protected MAC addresses
Configuring the threshold
Follow these steps to configure the threshold:
To do...
Enter system view
Configure the threshold
Use the command...
system-view
arp anti-attack source-mac
{ filter | monitor }
Use the command...
system-view
arp anti-attack source-mac
exclude-mac
mac-address&<1-10>
Use the command...
system-view
arp anti-attack source-mac
aging-time time
Use the command...
system-view
arp anti-attack source-mac
threshold threshold-value
2-2
Remarks
—
Required
Disabled by default.
Remarks
—
Optional
Not configured by default.
Remarks
—
Optional
Five minutes by default.
Remarks
—
Optional
50 by default