R2511-HP MSR Router Series Security Command Reference(V5)

Table 70 Command output
| Field | Description |
|---|---|
| Current suppression limit | Maximum number of packets with the same source IP address but unresolvable destination IP addresses that the device can receive in 5 seconds. |
| Current cache length | Size of cache used to record source suppression information. |
Source MAC-based ARP attack detection configuration commands
arp anti-attack source-mac
Use arp anti-attack source-mac to enable source MAC-based ARP attack detection and specify a
handling method.
Use undo arp anti-attack source-mac to restore the default.
Syntax
arp anti-attack source-mac { filter | monitor }
undo arp anti-attack source-mac [ filter | monitor ]
Default
Source MAC-based ARP attack detection is disabled.
Views
System view
Default command level
2: System level
Parameters
filter: Generates log messages and discards subsequent ARP packets from the MAC address.
monitor: Only generates log messages.
Usage guidelines
With this function enabled, the router checks the number of ARP packets received from the same source
MAC address within 5 seconds against a specific threshold. If the threshold is exceeded, the router
handles the attack using the configured method.
If neither the filter nor the monitor keyword is specified in the undo arp anti-attack source-mac command,
both handling methods are disabled.
Examples
# Enable source MAC-based ARP attack detection and specify the filter handling method.
<Sysname> system-view
[Sysname] arp anti-attack source-mac filter
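
The detection logic described in the usage guidelines, modeled as an added Python example (not HP code and not device output). The threshold of 5, the fixed-window counting, the release of a flagged MAC when its window rolls over, the log text and the sample MAC addresses are assumptions made for illustration.

```python
WINDOW_SECONDS = 5  # counting interval stated in the usage guidelines


class SourceMacArpDetector:
    """Illustrative model of source MAC-based ARP attack detection."""

    def __init__(self, threshold, mode):
        if mode not in ("filter", "monitor"):
            raise ValueError("mode must be 'filter' or 'monitor'")
        self.threshold = threshold  # assumed value; this page does not give one
        self.mode = mode
        self.window_start = {}      # MAC -> start time of its current window
        self.count = {}             # MAC -> ARP packets counted in that window
        self.flagged = set()        # MACs that exceeded the threshold
        self.log = []               # generated log messages (constructed text)

    def receive(self, ts, src_mac):
        """Process one ARP packet; return True if accepted, False if discarded."""
        start = self.window_start.get(src_mac)
        if start is None or ts - start >= WINDOW_SECONDS:
            # Assumption: fixed windows, and a flagged MAC is released when its
            # window rolls over. The page does not describe entry aging.
            self.window_start[src_mac] = ts
            self.count[src_mac] = 0
            self.flagged.discard(src_mac)
        if src_mac in self.flagged:
            # "filter" discards subsequent packets; "monitor" has only logged.
            return self.mode == "monitor"
        self.count[src_mac] += 1
        if self.count[src_mac] > self.threshold:
            self.flagged.add(src_mac)
            self.log.append(f"{ts:.1f}s ARP attack detected from {src_mac}")
        return True


def run_sample(mode, threshold=5):
    """Replay constructed traffic: one MAC sends 10 ARPs in 1 s, one stays quiet."""
    det = SourceMacArpDetector(threshold, mode)
    packets = [(i / 10, "0001-0001-0001") for i in range(10)]
    packets += [(0.25, "0002-0002-0002"), (3.0, "0002-0002-0002"),
                (6.0, "0001-0001-0001")]  # 6.0 s falls in a new window
    dropped = [p for p in sorted(packets) if not det.receive(*p)]
    return dropped, det.log


if __name__ == "__main__":
    for mode in ("filter", "monitor"):
        dropped, log = run_sample(mode)
        print(mode, "dropped:", len(dropped), "log:", log)
```

In this model both modes log the same detection; only filter discards the packets that follow it, which is why monitor suits a tuning period before enforcement.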