Configuration procedure
To configure source MAC address based ARP attack detection:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable source MAC address based ARP attack detection and specify the detection mode. | arp anti-attack source-mac { filter | monitor } | Disabled by default. |
3. Configure the threshold. | arp anti-attack source-mac threshold threshold-value | Optional. 50 by default. |
4. Configure the age timer for ARP attack detection entries. | arp anti-attack source-mac aging-time time | Optional. 300 seconds by default. |
5. Configure protected MAC addresses. | arp anti-attack source-mac exclude-mac mac-address&<1-10> | Optional. Not configured by default. |
NOTE: After an ARP attack detection entry expires, ARP packets sourced from the MAC address in the entry can be processed normally. | ||