arp anti-attack source-mac

Syntax

arp anti-attack source-mac { filter | monitor }

undo arp anti-attack source-mac [ filter | monitor ]

View

System view

Default level

2: System level

Parameters

filter: Specifies the filter mode.

monitor: Specifies the monitor mode.

Description

Use arp anti-attack source-mac to enable source MAC-based ARP attack detection and specify the detection mode.

Use undo arp anti-attack source-mac to restore the default.

By default, source MAC-based ARP attack detection is disabled.

After you enable this feature, the device checks the source MAC address of ARP packets received from the VLAN. It detects an attack when one MAC address sends more ARP packets in 5 seconds than the specified threshold. Upon detecting an attack, the device does the following:

If no detection mode is specified in the undo arp anti-attack source-mac command, both detection modes are disabled.

Examples

# Enable filter-mode source MAC-based ARP attack detection.

<Sysname> system-view
[Sysname] arp anti-attack source-mac filter
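
The per-source-MAC rate check described above can be modeled offline against a log of received ARP packets. This is an added example, not the device's implementation: the sliding-window counting, the threshold value, the function name and the sample log are assumptions made for illustration; only the 5-second interval comes from the description.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 5  # interval given in the command description
THRESHOLD = 3       # assumed value; the page does not state the threshold

# Constructed sample: (arrival time in seconds, source MAC of the ARP packet).
SAMPLE_ARP_LOG = [
    (0.0, "00:00:5e:00:53:02"),  # slow, regular sender
    (1.0, "00:00:5e:00:53:01"),  # burst begins
    (1.2, "00:00:5e:00:53:01"),
    (1.4, "00:00:5e:00:53:01"),
    (1.6, "00:00:5e:00:53:01"),  # 4th packet inside 5 s: exceeds threshold
    (2.0, "00:00:5e:00:53:02"),
    (3.0, "00:00:5e:00:53:03"),  # short burst that only reaches the threshold
    (3.1, "00:00:5e:00:53:03"),
    (3.2, "00:00:5e:00:53:03"),
    (4.0, "00:00:5e:00:53:02"),
    (6.0, "00:00:5e:00:53:02"),  # 4th packet overall, but the first has aged out
]


def detect_source_mac_floods(packets, threshold=THRESHOLD, window=WINDOW_SECONDS):
    """Return {mac: time at which its count in the trailing window first exceeded threshold}."""
    recent = defaultdict(deque)  # per-MAC arrival times still inside the window
    alerts = {}
    for ts, mac in sorted(packets):
        times = recent[mac]
        times.append(ts)
        # Drop arrivals that are a full window or more older than this packet.
        while ts - times[0] >= window:
            times.popleft()
        # "More ... than the specified threshold": strictly greater, not equal.
        if len(times) > threshold and mac not in alerts:
            alerts[mac] = ts
    return alerts


if __name__ == "__main__":
    for mac, ts in detect_source_mac_floods(SAMPLE_ARP_LOG).items():
        print(f"{mac} exceeded {THRESHOLD} ARP packets in {WINDOW_SECONDS}s at t={ts}")
```

A sender that only reaches the threshold, or that spreads its packets over more than 5 seconds, is not flagged.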