arp source-mac
Use arp source-mac to enable the source MAC-based ARP attack detection feature and specify a handling method.
Use undo arp source-mac to disable the source MAC-based ARP attack detection feature.
Syntax
arp source-mac { filter | monitor }
undo arp source-mac [ filter | monitor ]
Default
The source MAC-based ARP attack detection feature is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
filter: Specifies the filter handling method.
monitor: Specifies the monitor handling method.
Usage guidelines
Configure this feature on the gateways.
This feature checks the number of ARP packets delivered to the CPU. If the number of packets from the same MAC address within 5 seconds exceeds a threshold, the device generates an ARP attack entry for the MAC address. Before the entry ages out, the device handles the attack by using either of the following methods:
Monitor—Only generates log messages.
Filter—Generates log messages and filters out subsequent ARP packets from the MAC address.
Make sure you have enabled the ARP logging feature before enabling the source MAC-based ARP attack detection feature. For information about the ARP logging feature, see Layer 3—IP Services Configuration Guide.
If you do not specify any handling method in the undo arp source-mac command, the command disables this feature.
Examples
# Enable the source MAC-based ARP attack detection feature and specify the filter handling method.
<Sysname> system-view
[Sysname] arp source-mac filter
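# The detection logic from the usage guidelines, as an added Python model (not device code and not part of the original page). The threshold and aging-time values, the sliding-window counting, and one log message per attack entry are assumptions; the MAC addresses and traffic are constructed.

```python
from collections import defaultdict, deque

WINDOW_MS = 5_000     # 5-second counting window, from the usage guidelines
THRESHOLD = 30        # assumed sample value; the page does not state the threshold
AGING_MS = 300_000    # assumed sample value; the page does not state the aging time


class SourceMacDetector:
    """Illustrative model of the feature, not device code."""

    def __init__(self, mode):
        self.mode = mode                  # "filter" or "monitor"
        self.recent = defaultdict(deque)  # MAC -> arrival times inside the window
        self.entries = {}                 # MAC -> time the attack entry ages out
        self.log = []                     # (time, MAC), one message per new entry

    def handle(self, ts, mac):
        """Return True if the ARP packet reaches the CPU, False if filtered."""
        expiry = self.entries.get(mac)
        if expiry is not None and ts < expiry:
            # Live attack entry: filter drops the packet, monitor lets it through.
            return self.mode == "monitor"
        self.entries.pop(mac, None)       # entry (if any) has aged out
        times = self.recent[mac]
        times.append(ts)
        while ts - times[0] >= WINDOW_MS:  # keep only the last 5 seconds
            times.popleft()
        if len(times) > THRESHOLD:
            self.entries[mac] = ts + AGING_MS
            self.log.append((ts, mac))
            times.clear()
        return True                       # the packet that trips the entry still passes


def run(mode, packets):
    """Feed (time_ms, mac) pairs in order; return (delivered count, log)."""
    det = SourceMacDetector(mode)
    return sum(det.handle(ts, mac) for ts, mac in packets), det.log


# Constructed traffic: one MAC sends 100 ARP packets in 1 s, another sends 1 per second.
FLOOD = [(i * 10, "0000-5e00-5301") for i in range(100)]
NORMAL = [(i * 1000, "0000-5e00-5302") for i in range(10)]
PACKETS = sorted(FLOOD + NORMAL)

if __name__ == "__main__":
    for mode in ("monitor", "filter"):
        print(mode, run(mode, PACKETS))
```

In this model both methods log the same attack entry, but only filter reduces the ARP load on the CPU: monitor still delivers all 110 packets, while filter delivers 41.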