After a blackhole route is created for an unresolved IP address, the device immediately starts
the first ARP blackhole route probe by sending an ARP request. If the resolution fails, the
device continues probing according to the probe settings. If the IP address resolution succeeds
in a probe, the device converts the blackhole route to a normal route. If an ARP blackhole route
ages out before the device finishes all probes, the device deletes the blackhole route and does
not perform the remaining probes.
This feature is applicable regardless of whether the attack packets have the same source
addresses.
Configuring ARP source suppression
Step
1.
Enter system view.
2.
Enable ARP source suppression.
3.
Set the maximum number of
unresolvable packets that the
device can process per source IP
address within 5 seconds.
Configuring ARP blackhole routing
Step
1.
Enter system view.
2.
Enable ARP blackhole routing.
3.
(Optional.) Set the number of
ARP blackhole route probes for
each unresolved IP address.
4.
(Optional.) Set the interval at
which the device probes ARP
blackhole routes.
Displaying and maintaining unresolvable IP attack protection
Execute display commands in any view.
Task
Display ARP source suppression configuration
information.
Configuration example
Network requirements
As shown in
VLAN 20. Each area connects to the gateway (Device) through an access switch.
Figure
136, a LAN contains two areas: an R&D area in VLAN 10 and an office area in
Command
system-view
arp source-suppression
enable
arp source-suppression
limit limit-value
Command
system-view
arp resolving-route enable
arp resolving-route
probe-count count
arp resolving-route
probe-interval interval
Command
display arp source-suppression
511
Remarks
N/A
By default, ARP source suppression is
disabled.
By default, the maximum number is
10.
Remarks
N/A
By default, ARP blackhole routing
is enabled.
The default setting is three
probes.
The default setting is 1 second.