R21xx-HP FlexFabric 11900 Security Command Reference

Views
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
pps: Specifies the upper limit for ARP packet rate in pps. The value range for this argument is 5 to 200.
Examples
# Specify the maximum ARP packet rate on Ten-GigabitEthernet 1/0/1 as 50 pps.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] arp rate-limit 50
Source MAC based ARP attack detection commands
arp source-mac
Use arp source-mac to enable source MAC address based ARP attack detection and specify a
handling method.
Use undo arp source-mac to restore the default.
Syntax
arp source-mac { filter | monitor }
undo arp source-mac [ filter | monitor ]
Default
The source MAC address based ARP attack detection function is disabled.
Views
System view
Predefined user roles
network-admin
Parameters
filter: Generates log messages and discards subsequent ARP packets from the MAC address.
monitor: Generates log messages only.
Usage guidelines
Configure this feature on the gateway devices.
With this function enabled, the router counts the ARP packets received from the same source MAC
address within 5 seconds and checks the count against a specific threshold. If the threshold is
exceeded, the router handles the attack with the configured method (filter or monitor).
If neither the filter nor the monitor keyword is specified in the undo arp source-mac command,
both handling methods are disabled.
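
The counting and handling behaviour described in the usage guidelines can be modelled as follows. This is an added illustration, not HP code or device output. The threshold value, the sliding-window counting, the log text, the sample MAC addresses, and the absence of any aging of blocked entries are assumptions, since this page states only the 5-second interval and the two handling methods.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 5  # check interval stated in the usage guidelines


class SourceMacArpDetector:
    """Model of per-source-MAC ARP counting with filter/monitor handling."""

    def __init__(self, mode, threshold):
        if mode not in ("filter", "monitor"):
            raise ValueError("mode must be 'filter' or 'monitor'")
        self.mode = mode
        self.threshold = threshold        # assumed value; the page gives no number
        self.recent = defaultdict(deque)  # source MAC -> timestamps inside the window
        self.flagged = set()              # MACs that exceeded the threshold
        self.log = []                     # generated log messages (constructed format)

    def receive(self, ts, src_mac):
        """Process one ARP packet; return 'forward' or 'discard'."""
        if self.mode == "filter" and src_mac in self.flagged:
            return "discard"              # filter: drop subsequent packets from this MAC
        window = self.recent[src_mac]
        window.append(ts)
        # Evict timestamps that have fallen out of the 5-second window.
        while window and ts - window[0] >= WINDOW_SECONDS:
            window.popleft()
        if len(window) > self.threshold and src_mac not in self.flagged:
            self.flagged.add(src_mac)
            self.log.append(f"t={ts:.1f}s ARP source-MAC attack from {src_mac}")
        return "forward"


def replay(mode, threshold, packets):
    """Run constructed (timestamp, src_mac) packets through the detector."""
    det = SourceMacArpDetector(mode, threshold)
    verdicts = [det.receive(ts, mac) for ts, mac in packets]
    return det, verdicts


# Constructed traffic: one host sends 10 ARP packets/s for 2 s, another sends 1 every 2 s.
NOISY, QUIET = "0001-0002-0003", "0001-0002-00aa"
PACKETS = sorted([(i * 0.1, NOISY) for i in range(20)] +
                 [(i * 2.0, QUIET) for i in range(3)])

if __name__ == "__main__":
    for mode in ("monitor", "filter"):
        det, verdicts = replay(mode, threshold=10, packets=PACKETS)
        print(mode, det.log, verdicts.count("discard"), "discarded")
```

With the constructed traffic, monitor mode logs the noisy MAC once and forwards everything, while filter mode logs it once and discards the packets that follow the one that crossed the threshold.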