R21xx-HP FlexFabric 11900 Security Command Reference
166
Parameters
mac-address&<1-10>: MAC address list. The mac-address argument indicates an excluded MAC address
in the format H-H-H. &<1-10> indicates the number of excluded MAC addresses that you can configure.
Usage guidelines
If no MAC address is specified, the undo arp source-mac exclude-mac command removes all excluded
MAC addresses.
Examples
# Exclude a MAC address from source MAC based ARP attack detection.
<Sysname> system-view
[Sysname] arp source-mac exclude-mac 2-2-2
arp source-mac threshold
Use arp source-mac threshold to configure the threshold for source MAC address based ARP attack
detection. If the number of ARP packets sent from a MAC address within 5 seconds exceeds this threshold,
the device recognizes this as an attack.
Use undo arp source-mac threshold to restore the default.
Syntax
arp source-mac threshold threshold-value
undo arp source-mac threshold
Default
The default threshold for source MAC address based ARP attack detection is 30.
Views
System view
Predefined user roles
network-admin
Parameters
threshold-value: Specifies the threshold for source MAC address based ARP attack detection, in the
range of 1 to 5000.
Examples
# Configure the threshold for source MAC address based ARP attack detection as 50.
<Sysname> system-view
[Sysname] arp source-mac threshold 50
display arp source-mac
Use display arp source-mac to display ARP attack entries detected by source MAC address based ARP
attack detection.
Syntax
In standalone mode:
display arp source-mac { slot slot-number | interface interface-type interface-number }