Configuration procedure

To configure source MAC-based ARP attack detection:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | `system-view` | N/A |
| 2. Enable source MAC-based ARP attack detection and specify the handling method. | `arp source-mac { filter \| monitor }` | By default, this feature is disabled. When you change the handling method from monitor to filter, the configuration takes effect immediately. When you change the handling method from filter to monitor, the device continues filtering packets that match existing attack entries. |
| 3. Set the threshold. | `arp source-mac threshold threshold-value` | The default threshold is 30. |
| 4. Set the aging timer for ARP attack entries. | `arp source-mac aging-time time` | By default, the lifetime is 300 seconds. |
| 5. (Optional.) Exclude specific MAC addresses from this detection. | `arp source-mac exclude-mac mac-address&<1-10>` | By default, no MAC address is excluded. |


NOTE:

When an ARP attack entry ages out, ARP packets sourced from the MAC address in the entry can be processed correctly.
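The following Python model is an added illustration, not device code or vendor software. It shows how the threshold, aging timer, excluded MAC addresses and the filter/monitor handling methods from the table interact, which helps when choosing values before deploying them. Assumptions: the counting interval `WINDOW`, forwarding of the packet that trips the threshold, the reading that a change to filter also applies to existing entries, and the sample MAC address are not taken from this page.

```python
# Simplified model of the behaviour described in the table; not device code.
WINDOW = 5  # seconds; assumed counting interval (not stated on this page)

class SourceMacDetector:
    def __init__(self, mode="monitor", threshold=30, aging_time=300, exclude=()):
        assert mode in ("filter", "monitor")
        self.mode, self.threshold, self.aging_time = mode, threshold, aging_time
        self.exclude = {m.lower() for m in exclude}  # arp source-mac exclude-mac
        self.recent = {}   # mac -> arrival times inside the counting window
        self.entries = {}  # mac -> [expiry time, filtering?] (ARP attack entries)

    def set_mode(self, mode):
        if mode == "filter":
            # monitor -> filter takes effect immediately (assumed here to
            # cover entries that already exist).
            for entry in self.entries.values():
                entry[1] = True
        # filter -> monitor: existing entries keep filtering until they age out.
        self.mode = mode

    def receive(self, mac, now):
        """Return 'drop' or 'forward' for one ARP packet from mac at time now."""
        mac = mac.lower()
        if mac in self.exclude:
            return "forward"
        entry = self.entries.get(mac)
        if entry and now >= entry[0]:
            del self.entries[mac]  # entry aged out: packets are processed again
            entry = None
        if entry:
            return "drop" if entry[1] else "forward"
        times = [t for t in self.recent.get(mac, []) if now - t < WINDOW] + [now]
        self.recent[mac] = times
        if len(times) > self.threshold:
            # Threshold exceeded: create an attack entry that handles later
            # packets. The triggering packet is still forwarded (assumption).
            self.entries[mac] = [now + self.aging_time, self.mode == "filter"]
            self.recent[mac] = []
        return "forward"

def replay(detector, packets):
    """packets: iterable of (time, mac); returns the verdict for each packet."""
    return [detector.receive(mac, t) for t, mac in packets]

# Constructed sample: one MAC sending 40 ARP packets in 4 seconds.
SAMPLE_FLOOD = [(i / 10, "00e0-fc00-0001") for i in range(40)]

if __name__ == "__main__":
    det = SourceMacDetector(mode="filter")
    print(replay(det, SAMPLE_FLOOD).count("drop"), "packets dropped")
```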