R21xx-HP FlexFabric 11900 Security Configuration Guide
Step                                      Command                                         Remarks
1. Enter system view.                     system-view                                     N/A
2. Enable source MAC address based ARP    arp source-mac { filter | monitor }             By default, this feature is disabled.
   attack detection and specify the
   handling method.
3. Configure the threshold.               arp source-mac threshold threshold-value        The default threshold is 30.
4. Configure the aging timer for ARP      arp source-mac aging-time time                  By default, the lifetime is 300 seconds.
   attack entries.
5. (Optional.) Exclude specified MAC      arp source-mac exclude-mac mac-address&<1-10>   By default, no MAC address is excluded.
   addresses from this detection.
NOTE:
When an ARP attack entry expires, ARP packets sourced from the MAC address in the entry can be
processed correctly.
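The steps above set a handling method, a threshold, an aging timer, and an exclusion list. The following Python model is an added illustration of how those four settings interact; it is not HP code and is not taken from this guide. It assumes a 5-second counting window, assumes that filter drops packets from a flagged MAC while monitor only logs, and uses constructed MAC addresses.

```python
"""Simplified model of source MAC address based ARP attack detection (not device code)."""
from collections import defaultdict, deque

WINDOW = 5.0  # assumption: counting interval in seconds; this page does not state it
# Constructed sample: 40 ARP packets in 2 seconds from one MAC (documentation range).
FLOOD = [(i / 20, "0000-5e00-5301") for i in range(40)]


class ArpSourceMacDetector:
    def __init__(self, mode="filter", threshold=30, aging_time=300, exclude=()):
        if mode not in ("filter", "monitor"):
            raise ValueError("mode must be 'filter' or 'monitor'")
        self.mode, self.threshold, self.aging_time = mode, threshold, aging_time
        self.exclude = {m.lower() for m in exclude}
        self.recent = defaultdict(deque)   # MAC -> timestamps inside the window
        self.entries = {}                  # MAC -> expiry time of its attack entry
        self.log = []                      # (time, MAC) for every new attack entry

    def receive(self, now, src_mac):
        """Return True if the ARP packet is processed, False if it is dropped."""
        mac = src_mac.lower()
        if mac in self.exclude:
            return True                    # excluded MACs are never counted
        expiry = self.entries.get(mac)
        if expiry is not None:
            if now < expiry:
                return self.mode == "monitor"  # filter drops; monitor already logged
            del self.entries[mac]          # entry aged out: process normally again
        stamps = self.recent[mac]
        stamps.append(now)
        while stamps and now - stamps[0] >= WINDOW:
            stamps.popleft()
        if len(stamps) > self.threshold:   # threshold exceeded: create attack entry
            self.entries[mac] = now + self.aging_time
            self.log.append((now, mac))
            stamps.clear()
            return self.mode == "monitor"
        return True


def replay(detector, packets):
    """Feed constructed (time, MAC) pairs; return how many packets were processed."""
    return sum(detector.receive(t, mac) for t, mac in packets)


if __name__ == "__main__":
    d = ArpSourceMacDetector(mode="filter", threshold=30, aging_time=60)
    print(replay(d, FLOOD), "of", len(FLOOD), "processed; entries logged:", d.log)
```
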
Displaying and maintaining source MAC address based ARP attack detection
Execute display commands in any view.
Task                                              Command
Display ARP attack entries detected by source     display arp source-mac { slot slot-number | interface
MAC address based ARP attack detection (in        interface-type interface-number }
standalone mode).
Display ARP attack entries detected by source     display arp source-mac { chassis chassis-number slot
MAC address based ARP attack detection (in IRF    slot-number | interface interface-type interface-number }
mode).
Configuration example
Network requirements
As shown in Figure 45, the hosts access the Internet through a gateway (Device). If malicious users send
a large number of ARP requests to the gateway, the gateway might crash and be unable to process requests
from the clients. To solve this problem, configure source MAC address based ARP attack detection on the
gateway.










