F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Attack Protection Command Reference-6PW100
44
Examples
# Display the ARP attack entries detected by source MAC address-based ARP attack detection.
<Sysname> display arp anti-attack source-mac
Source-MAC VLAN ID Interface Aging-time
23f3-1122-3344 4094 GE0/1 10
23f3-1122-3355 4094 GE0/2 30
23f3-1122-33ff 4094 GE0/3 25
23f3-1122-33ad 4094 GE0/4 30
23f3-1122-33ce 4094 GE0/5 2
ARP packet source MAC consistency check
configuration commands
The following matrix shows the feature and hardware compatibility:
Hardware ARP
p
acket source MAC
consistenc
y
check com
p
atible
F1000-A-EI/F1000-S-EI Yes
F1000-E No
F5000 No
Firewall module No
U200-A Yes
U200-S Yes
arp anti-attack valid-ack enable
Use arp anti-attack valid-check enable to enable ARP packet source MAC address consistency check on
the gateway.
Use undo arp anti-attack valid-check enable to restore the default.
Syntax
arp anti-attack valid-check enable
undo arp anti-attack valid-check enable
Default
ARP packet source MAC address consistency check is disabled.
Views
System view
Default command level
2: System level
Usage guidelines
After you execute the arp anti-attack valid-check enable command, the gateway device can filter out
ARP packets with the source MAC address in the Ethernet header different from the sender MAC address
in the ARP message.