Arp Attack Defense Configuration Commands; Arp Active Acknowledgement Configuration Commands; Arp Anti-Attack Active-Ack Enable - H3C S5120-SI Series Command Reference Manual
Hide thumbs
Also See for S5120-SI Series:
- Configuration manual (745 pages) ,
- Operation manual (697 pages) ,
- Command reference manual (209 pages)
Table of Contents
Advertisement
2
ARP Attack Defense Configuration Commands
ARP Active Acknowledgement Configuration Commands
arp anti-attack active-ack enable
Syntax
arp anti-attack active-ack enable
undo arp anti-attack active-ack enable
View
System view
Default Level
2: System level
Parameters
None
Description
Use the arp anti-attack active-ack enable command to enable the ARP active acknowledgement
function.
Use the undo arp anti-attack active-ack enable command to restore the default.
By default, the ARP active acknowledgement function is disabled.
Typically, this feature is configured on gateway devices to identify invalid ARP packets.
With this feature enabled, the gateway, upon receiving an ARP packet with a different source MAC
address from that in the corresponding ARP entry, checks whether the ARP entry has been updated
within the last minute:
If yes, the ARP entry is not updated;
If not, the gateway sends a unicast request to the source MAC address of the ARP entry.
Then,
If a response is received within five seconds, the ARP packet is ignored;
If no response is received, the gateway sends a unicast request to the source MAC address of the
ARP packet.
Then,
If a response is received within five seconds, the gateway updates the ARP entry;
If not, the ARP entry is not updated.
Examples
# Enable the ARP active acknowledgement function.
2-1
Advertisement
Chapters
Table of Contents
