F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Attack Protection Configuration Guide-6PW100

Step                                      Command                                   Remarks

2. Enable source MAC address based ARP    arp anti-attack source-mac { filter |     Disabled by default.
   attack detection and specify the       monitor }
   handling method.

3. Configure the threshold.               arp anti-attack source-mac threshold      Optional.
                                          threshold-value                           50 by default.

4. Configure the lifetime for ARP attack  arp anti-attack source-mac aging-time     Optional.
   entries.                               time                                      300 seconds by default.

5. Configure excluded MAC addresses.      arp anti-attack source-mac exclude-mac    Optional.
                                          mac-address&<1-n>                         No MAC address is excluded by default.
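
The following Python sketch is an added illustration, not part of this guide or of the device software: it models how the handling method, threshold, aging time and excluded MAC list configured in the steps above interact. The 5-second counting window, the class and function names, and the sample MAC address are assumptions of this model.

```python
# Simplified model of source MAC based ARP attack detection (added example,
# not device code). WINDOW is an assumption; defaults mirror the steps above.
from collections import defaultdict, deque

WINDOW = 5  # seconds over which ARP packets per source MAC are counted (assumed)

class SourceMacDetector:
    def __init__(self, mode="monitor", threshold=50, aging_time=300, exclude=()):
        if mode not in ("filter", "monitor"):
            raise ValueError("mode must be 'filter' or 'monitor'")
        self.mode, self.threshold, self.aging_time = mode, threshold, aging_time
        self.exclude = {m.lower() for m in exclude}
        self.seen = defaultdict(deque)   # MAC -> packet timestamps inside the window
        self.entries = {}                # MAC -> expiry time of its attack entry
        self.log = []                    # (time, MAC) for each new attack entry

    def handle(self, now, mac):
        """Return 'forward' or 'drop' for one ARP packet seen at time `now`."""
        mac = mac.lower()
        if mac in self.exclude:          # excluded MACs are never checked
            return "forward"
        # Age out an expired attack entry before evaluating the packet.
        if mac in self.entries and now >= self.entries[mac]:
            del self.entries[mac]
            self.seen[mac].clear()
        if mac not in self.entries:
            q = self.seen[mac]
            q.append(now)
            while q and now - q[0] >= WINDOW:   # slide the counting window
                q.popleft()
            if len(q) > self.threshold:         # threshold exceeded: record attacker
                self.entries[mac] = now + self.aging_time
                self.log.append((now, mac))
        # Only filter mode drops; monitor mode just keeps the log entry.
        if mac in self.entries and self.mode == "filter":
            return "drop"
        return "forward"

def replay(detector, packets):
    """Feed constructed (time, mac) pairs; return the per-packet verdicts."""
    return [detector.handle(t, mac) for t, mac in packets]

# Constructed traffic: 60 ARP packets within 3 seconds from one (made-up) MAC.
FLOOD = [(i * 0.05, "0012-3F86-E94C") for i in range(60)]
```

With the defaults, the 51st packet creates the attack entry: filter mode drops it and everything after it until the entry ages out, while monitor mode only logs.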
Displaying and maintaining source MAC based ARP attack detection
Task                                      Command                                           Remarks

Display attacking MAC addresses detected  display arp anti-attack source-mac [ interface    Available in any view.
by source MAC address based ARP attack    interface-type interface-number ] [ | { begin |
detection.                                exclude | include } regular-expression ]
Source MAC based ARP attack detection configuration example
Network requirements
As shown in Figure 46, the hosts access the Internet through a gateway (Device). If malicious users send
a large number of ARP requests to the gateway, the gateway may crash and become unable to process requests
from the clients. To solve this problem, configure source MAC address based ARP attack detection on the
gateway.