H3C S9500 Series Operation Manual page 29

Operation Manual – ARP
H3C S9500 Series Routing Switches
[Switch1] anti-attack arp threshold 40
# Configure the aging time for ARP packet attack prevention entries to 300 seconds.
[Switch1] anti-attack arp aging-time 300
# Configure the protective MAC address for ARP packet attack prevention to 0-0-1.
[Switch1] anti-attack arp exclude-mac 0-0-1
After the above configurations, you can use the display current command to view the
ARP attack prevention configuration information, and use the display anti-attack
command to view the information about duplicate gateway attacks and ARP packet
attacks from a fixed MAC address.
Note that:
The implementation of ARP spoofing attack prevention may result in high CPU
usage.
The duplicate gateway attack prevention only ensures that attacking packets
received on a port will not be forwarded to other ports, but the hosts attached to
this port may still be attacked.
With the duplicate gateway attack prevention and ARP packet attack prevention
enabled, the switch can not only isolate attackers, but also prevent the attackers
from accessing network resources.
Chapter 3 ARP Attack Prevention Configuration
3-7