Usage guidelines
If you do not specify a MAC address, the undo arp source-mac exclude-mac command removes
all excluded MAC addresses.
Examples
# Exclude a MAC address from source MAC-based ARP attack detection.
<Sysname> system-view
[Sysname] arp source-mac exclude-mac 2-2-2
arp source-mac threshold
Use arp source-mac threshold to set the threshold for source MAC-based ARP attack detection. If
the number of ARP packets sent from a MAC address within 5 seconds exceeds this threshold, the
device recognizes this as an attack.
Use undo arp source-mac threshold to restore the default.
Syntax
arp source-mac threshold threshold-value
undo arp source-mac threshold
Default
The threshold for source MAC-based ARP attack detection is 30.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
threshold-value: Specifies the threshold for source MAC-based ARP attack detection. The value
range is 1 to 5000.
Examples
# Set the threshold for source MAC-based ARP attack detection to 30.
<Sysname> system-view
[Sysname] arp source-mac threshold 30
display arp source-mac
Use display arp source-mac to display ARP attack entries detected by source MAC-based ARP
attack detection.
Syntax
In standalone mode:
display arp source-mac { slot slot-number | interface interface-type interface-number }
In IRF mode:
display arp source-mac { chassis chassis-number slot slot-number | interface interface-type
interface-number }
286