Displaying and maintaining ARP source suppression
Task: Display ARP source suppression configuration information.
Command: display arp source-suppression [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.

Configuration example
Network requirements
As shown in Figure 248, a LAN contains two areas: an R&D area in VLAN 10 and an office area in VLAN 20. The two areas connect to the gateway (Device) through an access switch respectively.
A large number of ARP requests are detected in the office area and are considered as a consequence of an IP flood attack. To prevent such attacks, configure ARP source suppression and ARP black hole routing.
Figure 248 Network diagram
[Diagram labels: IP network; Gateway (Device); ARP attack protection; R&D, VLAN 10; Office, VLAN 20; Host A; Host B; Host C; Host D]
Configuration considerations
If the attack packets have the same source address, you can enable the ARP source suppression function as follows:
1. Enable ARP source suppression.
2. Set the threshold to 100. If the number of unresolvable IP packets received from a host within five seconds exceeds 100, the device stops resolving packets from the host until the 5 seconds elapse.
If the attack packets have different source addresses, enable the ARP black hole routing function on the device.
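The threshold rule from the configuration considerations, modelled as an added Python example (not code from the device or from this manual), shows why a per-source counter stops a same-source flood but not one that varies its source address. It assumes the five-second window starts at a host's first unresolvable packet; the addresses and traffic are constructed.

```python
WINDOW = 5.0     # seconds, from the text
THRESHOLD = 100  # unresolvable packets per source per window, from the text


class SourceSuppressor:
    """Simplified model: one counter per source IP, reset every window."""

    def __init__(self, threshold=THRESHOLD, window=WINDOW):
        self.threshold = threshold
        self.window = window
        self.state = {}  # source IP -> (window_start, packets_seen)

    def should_resolve(self, src, now):
        """True if an unresolvable packet from src at time now would
        still trigger ARP resolution, False if it is suppressed."""
        start, count = self.state.get(src, (now, 0))
        if now - start >= self.window:  # window elapsed: counting restarts
            start, count = now, 0
        count += 1
        self.state[src] = (start, count)
        return count <= self.threshold  # suppressed once the count exceeds 100


def replay(packets, suppressor=None):
    """packets: iterable of (timestamp, source_ip).
    Returns (resolved, suppressed) packet counts."""
    if suppressor is None:
        suppressor = SourceSuppressor()
    resolved = suppressed = 0
    for ts, src in packets:
        if suppressor.should_resolve(src, ts):
            resolved += 1
        else:
            suppressed += 1
    return resolved, suppressed


# Constructed traffic: 1000 unresolvable packets spread over 4 seconds.
same_source = [(i * 0.004, "10.1.20.5") for i in range(1000)]
many_sources = [(i * 0.004, f"10.1.{20 + i // 250}.{i % 250 + 1}")
                for i in range(1000)]

if __name__ == "__main__":
    print("same source :", replay(same_source))
    print("many sources:", replay(many_sources))
```

In the second case every source stays at one packet, so the per-source threshold is never reached and every packet still triggers resolution, which is the case the text assigns to ARP black hole routing.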