Source Mac-Based Arp Attack Detection Commands; Arp Source-Mac; Arp Source-Mac Aging-Time - H3C MSR Series Command Reference Manual

Comware 7 security

Source MAC-based ARP attack detection commands

arp source-mac

Use arp source-mac to enable the source MAC-based ARP attack detection feature and specify a
handling method.
Use undo arp source-mac to disable the source MAC-based ARP attack detection feature.
Syntax
arp source-mac { filter | monitor }
undo arp source-mac [ filter | monitor ]
Default
The source MAC-based ARP attack detection feature is disabled.
Views
System view
Predefined user roles
network-admin
Parameters
filter: Generates log messages and discards subsequent ARP packets from the MAC address.
monitor: Only generates log messages.
Usage guidelines
Configure this feature on the gateways.
This feature checks the number of ARP packets delivered to the CPU. If the number of ARP packets
from the same MAC address within 5 seconds exceeds a threshold, the device handles the attack
by using the configured handling method.
If you specify neither the filter nor the monitor keyword in the undo arp source-mac command,
the command disables this feature.
Examples
# Enable the source MAC-based ARP attack detection feature and specify the filter handling method.
<Sysname> system-view
[Sysname] arp source-mac filter

arp source-mac aging-time

Use arp source-mac aging-time to set the aging time for ARP attack entries.
Use undo arp source-mac aging-time to restore the default.
Syntax
arp source-mac aging-time time
undo arp source-mac aging-time
Default
The aging time for ARP attack entries is 300 seconds.
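
The following Python model is an added example, not H3C code. It replays constructed ARP traffic through the 5-second check and the 300-second aging time described above to show how filter and monitor differ. The threshold of 30, the class and function names, the MAC addresses, and the choice to let the packet that trips the threshold pass are assumptions.

```python
from collections import defaultdict, deque

WINDOW = 5.0        # seconds, from the usage guidelines above
AGING_TIME = 300.0  # seconds, default aging time for ARP attack entries
THRESHOLD = 30      # assumed value; this page does not state the threshold

class SourceMacDetector:
    """Simplified model of the feature; not H3C's implementation."""
    def __init__(self, mode, threshold=THRESHOLD):
        if mode not in ("filter", "monitor"):
            raise ValueError("mode must be 'filter' or 'monitor'")
        self.mode, self.threshold = mode, threshold
        self.seen = defaultdict(deque)  # MAC -> timestamps inside the window
        self.attack_entries = {}        # MAC -> time the attack entry ages out
        self.logs = []                  # (time, MAC, mode) per detection

    def receive(self, ts, mac):
        """Return True if the ARP packet reaches the CPU, False if discarded."""
        expiry = self.attack_entries.get(mac)
        if expiry is not None:
            if ts < expiry:
                # Live attack entry: filter discards, monitor lets it through.
                return self.mode != "filter"
            del self.attack_entries[mac]  # entry aged out, start counting again
            self.seen[mac].clear()
        q = self.seen[mac]
        q.append(ts)
        while ts - q[0] >= WINDOW:        # keep only the last 5 seconds
            q.popleft()
        if len(q) > self.threshold:
            self.attack_entries[mac] = ts + AGING_TIME
            self.logs.append((ts, mac, self.mode))
        return True  # assumption: the packet that trips the threshold still passes

def simulate(mode):
    """Replay constructed traffic; return (discards per MAC, log entries)."""
    det = SourceMacDetector(mode)
    noisy, normal = "00e0-fc00-0001", "00e0-fc00-0002"  # constructed MACs
    events = [(i / 20, noisy) for i in range(40)]       # 40 ARP packets in 2 s
    events += [(float(i), normal) for i in range(10)]   # 1 ARP packet per second
    events += [(200.0, noisy), (302.0, noisy)]          # before / after aging
    dropped = defaultdict(int)
    for ts, mac in sorted(events):
        if not det.receive(ts, mac):
            dropped[mac] += 1
    return dict(dropped), det.logs

if __name__ == "__main__":
    print(simulate("filter"), simulate("monitor"))
```

In this model, filter discards the noisy host's packets until its attack entry ages out, while monitor produces the same log entry and discards nothing.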