F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Attack Protection Command Reference-6PW100
42
Default command level
2: System level
Parameters
time: Age time for ARP attack entries, in the range of 60 to 6000 seconds.
Examples
# Set the age time for ARP attack entries to 60 seconds.
<Sysname> system-view
[Sysname] arp anti-attack source-mac aging-time 60
arp anti-attack source-mac exclude-mac
Use arp anti-attack source-mac exclude-mac to exclude specific MAC addresses from source MAC
address based ARP attack detection.
Use undo arp anti-attack source-mac exclude-mac to remove the specified MAC addresses.
Syntax
arp anti-attack source-mac exclude-mac mac-address&<1-n>
undo arp anti-attack source-mac exclude-mac [ mac-address&<1-n> ]
Default
No MAC address is excluded from source MAC address based ARP attack detection.
Views
System view
Default command level
2: System level
Parameters
mac-address&<1-n>: MAC address list. The mac-address argument indicates an excluded MAC address
in the format H-H-H. &<1-n> indicates the number of MAC addresses that you can exclude.
Usage guidelines
If no MAC address is specified in the undo arp anti-attack source-mac exclude-mac command, all
excluded MAC addresses are removed.
Examples
# Exclude a MAC address from source MAC based ARP attack detection.
<Sysname> system-view
[Sysname] arp anti-attack source-mac exclude-mac 2-2-2
arp anti-attack source-mac threshold
Use arp anti-attack source-mac threshold to configure the threshold for source MAC address-based ARP
attack detection. If the number of ARP packets from a MAC address within five seconds exceeds this
threshold, the device recognizes this as an attack.
Use undo arp anti-attack source-mac threshold to restore the default.