Configuring The Arp Active Acknowledgement Function; Configuring Source Mac Address Based Arp Attack Detection; Introduction; Configuration Procedure - 3Com 4210G Series Configuration Manual

Then,
If an ARP reply is received within five seconds, the gateway updates the ARP entry;
If not, the ARP entry is not updated.

Configuring the ARP Active Acknowledgement Function

Follow these steps to configure ARP active acknowledgement:
To do...
Enter system view
Enable the ARP active
acknowledgement function

Configuring Source MAC Address Based ARP Attack Detection

Introduction

This feature allows the device to check the source MAC address of ARP packets. If the number of ARP
packets sent from a MAC address within five seconds exceeds the specified value, the device
considers this an attack.
Only the ARP packets delivered to the CPU are detected.

Configuration Procedure

Enabling source MAC address based ARP attack detection
After this feature is enabled for a device, if the number of ARP packets it receives from a MAC address
within five seconds exceeds the specified value, it generates an alarm and filters out ARP packets
sourced from that MAC address (in filter mode), or only generates an alarm (in monitor mode).
Follow these steps to configure source MAC address based ARP attack detection:
To do...
Enter system view
Enable source MAC address
based ARP attack detection
and specify the detection mode
Configuring protected MAC addresses
A protected MAC address is excluded from ARP attack detection even though it is an attacker. You can
specify certain MAC addresses, such as that of a gateway or important servers, as protected MAC
addresses.
Use the command...
system-view
arp anti-attack active-ack enable
Use the command...
system-view
arp anti-attack source-mac { filter |
monitor }
4-3
Remarks
—
Required
Disabled by default.
Remarks
—
Required
Disabled by default.