Configuration procedure
To configure source MAC-based ARP attack detection:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable source MAC-based ARP attack detection and specify the handling method. | arp source-mac { filter \| monitor } | By default, this feature is disabled. When you change the handling method from monitor to filter, the configuration takes effect immediately. When you change the handling method from filter to monitor, the device continues filtering packets that match existing attack entries. |
3. Set the threshold. | arp source-mac threshold threshold-value | The default threshold is 30. |
4. Set the aging timer for ARP attack entries. | arp source-mac aging-time time | By default, the lifetime is 300 seconds. |
5. (Optional.) Exclude specific MAC addresses from this detection. | arp source-mac exclude-mac mac-address&<1-10> | By default, no MAC address is excluded. |

NOTE: When an ARP attack entry ages out, ARP packets sourced from the MAC address in the entry can be processed correctly.
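
The following Python model is an added illustration, not vendor code or device output: it shows how the threshold, aging timer, exclusion list and handling method from the table interact, including the filter-to-monitor behavior. The 5-second counting window, the `forward`/`logged`/`dropped` results and the MAC addresses are assumptions made for the example.

```python
from dataclasses import dataclass, field

WINDOW = 5.0  # assumption: counting interval in seconds (not stated on this page)

@dataclass
class ArpSourceMacDetector:
    mode: str = "monitor"        # arp source-mac { filter | monitor }
    threshold: int = 30          # arp source-mac threshold
    aging_time: float = 300.0    # arp source-mac aging-time
    exclude: set = field(default_factory=set)    # arp source-mac exclude-mac
    seen: dict = field(default_factory=dict)     # mac -> recent packet timestamps
    entries: dict = field(default_factory=dict)  # mac -> [expiry, filtered]

    def set_mode(self, mode):
        self.mode = mode
        if mode == "filter":     # monitor -> filter takes effect immediately
            for entry in self.entries.values():
                entry[1] = True
        # filter -> monitor: existing entries keep filtering until they age out

    def receive(self, mac, now):
        """Return 'forward', 'logged' or 'dropped' for one ARP packet."""
        if mac in self.exclude:
            return "forward"
        entry = self.entries.get(mac)
        if entry and now >= entry[0]:   # attack entry aged out
            del self.entries[mac]
            entry = None
        if entry:
            return "dropped" if entry[1] else "logged"
        times = [t for t in self.seen.get(mac, []) if now - t < WINDOW] + [now]
        self.seen[mac] = times
        if len(times) > self.threshold:  # threshold exceeded: create attack entry
            self.entries[mac] = [now + self.aging_time, self.mode == "filter"]
            self.seen[mac] = []
            return "dropped" if self.mode == "filter" else "logged"
        return "forward"

def demo():
    # Constructed traffic: two hosts each send 40 ARP packets in 0.4 s.
    d = ArpSourceMacDetector(mode="filter", threshold=30, aging_time=60,
                             exclude={"0012-3f86-e94c"})
    flood = [d.receive("00e0-fc00-0001", i * 0.01) for i in range(40)]
    gateway = [d.receive("0012-3f86-e94c", i * 0.01) for i in range(40)]
    d.set_mode("monitor")
    still = d.receive("00e0-fc00-0001", 10.0)   # existing entry still filters
    after = d.receive("00e0-fc00-0001", 61.0)   # entry aged out, processed again
    return flood.count("dropped"), set(gateway), still, after
```

In the model, the excluded address never creates an attack entry regardless of its rate, which is why exclusions are best limited to devices that legitimately send many ARP packets, such as gateways.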