To do...
Enable ARP source suppression
Set the maximum number of packets with the
same source IP address but unresolvable
destination IP addresses that the device can
receive in five consecutive seconds
Enabling ARP black hole routing
Follow these steps to configure ARP black hole routing:
To do...
Enter system view
Enable ARP black hole routing
Displaying and maintaining ARP defense against IP packet
attacks
To do...
Display the ARP source suppression
configuration information
ARP defense against IP packet attack configuration example
Network requirements
As shown in
VLAN 20. The two areas connect to the gateway (Device) through an access switch respectively.
A large number of ARP requests are detected in the office area and are considered as the consequence
of an IP flood attack. To prevent such attacks, configure ARP source suppression and ARP black hole
routing.
Figure
126, a LAN contains two areas: an R&D area in VLAN 10 and an office area in
Use the command...
arp source-suppression enable
arp source-suppression limit
limit-value
Use the command...
system-view
arp resolving-route enable
Use the command...
display arp source-suppression [ |
{ begin | exclude | include }
regular-expression ]
332
Remarks
Required
Disabled by default.
Optional
10 by default.
Remarks
—
Optional
Enabled by default.
Remarks
Available in any view