arp anti-attack source-mac

Syntax

arp anti-attack source-mac { filter | monitor }

undo arp anti-attack source-mac [ filter | monitor ]

View

System view

Default level

2: System level

Parameters

filter: Generates log messages and discards subsequent ARP packets from the MAC address.

monitor: Only generates log messages.

Description

Use arp anti-attack source-mac to enable the source MAC address based ARP attack detection and specify a handling method.

Use undo arp anti-attack source-mac to restore the default.

By default, source MAC address based ARP attack detection is disabled.

This function enables the router to count the ARP packets received from the same source MAC address within 5 seconds and compare the count against a specific threshold. If the threshold is exceeded, the router handles the attack with the configured method.
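The following Python model is an added illustration of this check and of how the two handling methods differ; it is not the router's implementation. The threshold value, the fixed-window behaviour, the log text, and the sample MAC addresses are assumptions made for the example.

```python
from collections import defaultdict

WINDOW_SECONDS = 5  # check interval stated on the page
THRESHOLD = 30      # assumed; the page only says "a specific threshold"

def detect(packets, mode, threshold=THRESHOLD):
    """Model of source MAC address based ARP attack detection.

    packets: (timestamp_seconds, source_mac) tuples sorted by time.
    mode: "filter" (log, then discard later packets) or "monitor" (log only).
    Assumed: a fixed window starting at a MAC's first packet, and a filter
    entry that does not age out during the run.
    Returns (forwarded_packets, log_messages, blocked_macs).
    """
    if mode not in ("filter", "monitor"):
        raise ValueError("mode must be 'filter' or 'monitor'")
    window_start, count = {}, defaultdict(int)
    flagged, blocked = set(), set()
    forwarded, logs = [], []
    for ts, mac in packets:
        if mac in blocked:
            continue  # filter mode: packet from a flagged MAC is discarded
        if mac not in window_start or ts - window_start[mac] >= WINDOW_SECONDS:
            window_start[mac], count[mac] = ts, 0  # open a new 5-second window
            flagged.discard(mac)
        count[mac] += 1
        if count[mac] > threshold and mac not in flagged:
            flagged.add(mac)  # log once per window
            # Illustrative log text, not the device's message format.
            logs.append(f"t={ts:.2f}s threshold exceeded by {mac}")
            if mode == "filter":
                blocked.add(mac)
        forwarded.append((ts, mac))
    return forwarded, logs, blocked

# Constructed sample traffic: 10 ARP packets/s from one host, 1/s from another.
NOISY, NORMAL = "00e0-fc00-0001", "00e0-fc00-0002"
SAMPLE = sorted([(i / 10, NOISY) for i in range(60)] +
                [(float(i), NORMAL) for i in range(6)])

if __name__ == "__main__":
    for mode in ("monitor", "filter"):
        fwd, logs, blocked = detect(SAMPLE, mode)
        print(f"{mode}: forwarded={len(fwd)} logs={logs} blocked={sorted(blocked)}")
```

In monitor mode every packet is still processed and only the log entry records the event; in filter mode the same traffic is cut off after the packet that crosses the threshold, while the low-rate host is unaffected.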

If neither the filter nor the monitor keyword is specified in the undo arp anti-attack source-mac command, both handling methods are disabled.

Examples

# Enable the source MAC address based ARP attack detection and specify the filter handling method.

<Sysname> system-view
[Sysname] arp anti-attack source-mac filter