To do...                                              Use the command...                                           Remarks
Enable source MAC address based ARP attack            arp anti-attack source-mac { filter | monitor }              Required
detection and specify the detection mode                                                                           Disabled by default.
Configure the threshold                               arp anti-attack source-mac threshold threshold-value         Optional
                                                                                                                   50 by default.
Configure the aging timer for source MAC address      arp anti-attack source-mac aging-time time                   Optional
based ARP attack detection entries                                                                                 Five minutes by default.
Configure protected MAC addresses                     arp anti-attack source-mac exclude-mac mac-address&<1-10>    Optional
                                                                                                                   Not configured by default.

After an ARP attack detection entry expires, the MAC address of the entry becomes ordinary.

Displaying and Maintaining Source MAC Address Based ARP Attack Detection

To do...                                              Use the command...                                           Remarks
Display attacking entries detected                    display arp anti-attack source-mac { slot slot-number |      Available in any view
(for distributed devices)                             interface interface-type interface-number }
Display attacking entries detected                    display arp anti-attack source-mac { chassis                 Available in any view
(for distributed IRF devices)                         chassis-number slot slot-number | interface
                                                      interface-type interface-number }

Configuring ARP Packet Rate Limit

Introduction

This feature allows you to limit the rate of ARP packets delivered to the CPU. For example, if an attacker sends a large number of ARP packets to a device with ARP detection enabled, the CPU of the device may become overloaded because all the ARP packets are redirected to the CPU for checking. As a result, the device fails to deliver other functions properly or even crashes. To prevent this, configure the ARP packet rate limit.

It is recommended that you enable this feature after ARP detection is configured, or use this feature to prevent ARP flood attacks.

Configuring the ARP Packet Rate Limit Function

Follow these steps to configure ARP packet rate limit in Ethernet interface view: