Configuration Procedure; Displaying And Maintaining Source Mac-Based Arp Attack Detection; Configuration Example - HPE FlexNetwork 5510 HI Series Security Configuration Manual


an ARP attack entry. Before the entry is aged out, the device handles the attack by using either of the following methods:
- Monitor—Only generates log messages.
- Filter—Generates log messages and filters out subsequent ARP packets from that MAC address.

You can exclude the MAC addresses of some gateways and servers from this detection. This feature does not inspect ARP packets from those devices even if they are attackers.

Configuration procedure

To configure source MAC-based ARP attack detection:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable source MAC-based ARP attack detection and specify the handling method.
   Command: arp source-mac { filter | monitor }
   Remarks: By default, this feature is disabled.
3. Set the threshold.
   Command: arp source-mac threshold threshold-value
   Remarks: The default threshold is 30.
4. Set the aging timer for ARP attack entries.
   Command: arp source-mac aging-time time
   Remarks: By default, the lifetime is 300 seconds.
5. (Optional.) Exclude specific MAC addresses from this detection.
   Command: arp source-mac exclude-mac mac-address&<1-10>
   Remarks: By default, no MAC address is excluded.

NOTE:
When an ARP attack entry is aged out, ARP packets sourced from the MAC address in the entry can be processed correctly.

Displaying and maintaining source MAC-based ARP attack detection

Execute display commands in any view.

Task: Display ARP attack entries detected by source MAC-based ARP attack detection.
Command: display arp source-mac { slot slot-number | interface interface-type interface-number }

Configuration example

Network requirements

As shown in Figure 123, the hosts access the Internet through a gateway (Device). If malicious users send a large number of ARP requests to the gateway, the gateway might crash and cannot process requests from the clients. To solve this problem, configure source MAC-based ARP attack detection on the gateway.
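The behaviour configured in this section, modelled as an added Python example (not HPE code and not part of the manual), so the effect of the threshold, aging timer, handling method and exclusion list can be checked against constructed traffic. The 5-second counting window, the single log message per attack entry, and the sample MAC addresses are assumptions; the threshold and aging defaults are the ones given in the procedure.

```python
from dataclasses import dataclass, field

WINDOW = 5.0  # assumption: counting window in seconds; this page does not state it


@dataclass
class SourceMacDetector:
    mode: str = "filter"              # arp source-mac { filter | monitor }
    threshold: int = 30               # arp source-mac threshold (default 30)
    aging_time: float = 300.0         # arp source-mac aging-time (default 300 s)
    exclude: frozenset = frozenset()  # arp source-mac exclude-mac
    seen: dict = field(default_factory=dict)     # MAC -> recent packet times
    entries: dict = field(default_factory=dict)  # MAC -> attack entry expiry
    log: list = field(default_factory=list)      # (time, MAC) per entry created

    def receive(self, mac: str, now: float) -> bool:
        """Return True if the ARP packet is processed, False if filtered out."""
        if mac in self.exclude:
            return True  # excluded MACs are never inspected
        expiry = self.entries.get(mac)
        if expiry is not None:
            if now < expiry:
                return self.mode != "filter"  # entry still active
            del self.entries[mac]  # aged out: handle packets normally again
        recent = [t for t in self.seen.get(mac, []) if now - t < WINDOW]
        recent.append(now)
        self.seen[mac] = recent
        if len(recent) > self.threshold:
            # Threshold exceeded: create the attack entry and log it once.
            self.entries[mac] = now + self.aging_time
            self.seen[mac] = []
            self.log.append((now, mac))
        return True  # filtering applies to subsequent packets only


def flood(det: SourceMacDetector, mac: str, count: int,
          start: float = 0.0, gap: float = 0.01) -> int:
    """Send `count` constructed ARP packets from `mac`; return how many pass."""
    return sum(det.receive(mac, start + i * gap) for i in range(count))


if __name__ == "__main__":
    ATTACKER, SERVER = "0001-0001-0001", "0002-0002-0002"  # constructed MACs
    gw = SourceMacDetector(mode="filter", exclude=frozenset({SERVER}))
    print("attacker packets processed:", flood(gw, ATTACKER, 100))
    print("server packets processed:", flood(gw, SERVER, 100))
    print("attacker at t=200 s:", gw.receive(ATTACKER, 200.0))
    print("attacker at t=301 s:", gw.receive(ATTACKER, 301.0))
```

The excluded server address passes all of its packets even at flood rates, which is why the exclusion list should hold only addresses whose ARP volume is expected to be high.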
