Displaying And Maintaining Source Mac Address Based Arp Attack Detection; Configuring Arp Packet Source Mac Address Consistency Check; Introduction; Configuration Procedure - 3Com 4500G Family Configuration Manual

Displaying and Maintaining Source MAC Address Based ARP Attack Detection

To do...
Display attacking entries
detected

Configuring ARP Packet Source MAC Address Consistency Check

Introduction

This feature enables a gateway device to filter out ARP packets with the source MAC address in the
Ethernet header different from the sender MAC address in the ARP message, so that the gateway
device can learn correct ARP entries.

Configuration Procedure

Follow these steps to enable ARP packet source MAC address consistency check:
To do...
Enter system view
Enable ARP packet source MAC
address consistency check

Configuring ARP Active Acknowledgement

Introduction
Typically, the ARP active acknowledgement feature is configured on gateway devices to identify invalid
ARP packets.
With this feature enabled, the gateway, upon receiving an ARP packet with a different source MAC
address from that in the corresponding ARP entry, checks whether the ARP entry has been updated
within the last minute:
If yes, the gateway does not update the ARP entry;
If not, the gateway unicasts an ARP request to the source MAC address of the ARP entry.
Then,
If an ARP reply is received within five seconds, the ARP packet is ignored;
If not, the gateway unicasts an ARP request to the MAC address of the ARP packet.
Then,
If an ARP reply is received within five seconds, the gateway updates the ARP entry;
If not, the ARP entry is not updated.

Configuring the ARP Active Acknowledgement Function

Follow these steps to configure ARP active acknowledgement:
Use the command...
display arp anti-attack source-mac
[ interface interface-type interface-number ]
Use the command...
system-view
arp anti-attack valid-check
enable
1-5
Remarks
Available in any
view
Remarks
—
Required
Disabled by default.