R2511-HP MSR Router Series Security Configuration Guide(V5)

Figure 134 Network diagram
Configuration considerations
If the attack packets have the same source address, you can enable the ARP source suppression function as follows:
1. Enable ARP source suppression.
2. Set the threshold to 100. If the number of unresolvable IP packets received from a host within 5 seconds exceeds 100, the device stops resolving packets from the host until the 5 seconds elapse.
Configuration procedure
# Enable ARP source suppression and set the threshold to 100.
<Device> system-view
[Device] arp source-suppression enable
[Device] arp source-suppression limit 100
Configuring source MAC-based ARP attack detection
This feature checks the number of ARP packets received from the same MAC address within 5 seconds against a specific threshold. If the threshold is exceeded, the device adds the MAC address in an ARP attack entry.
Before the entry is aged out, the device handles the attack by using either of the following methods:
Monitor—Generates log messages.
Filter—Generates log messages and filters out subsequent ARP packets from that MAC address.
After an ARP attack detection entry expires, ARP packets sourced from the MAC address in the entry can be processed correctly.
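The detection logic described above, as an added simulation that is not the vendor's code: it counts ARP packets per source MAC in a 5-second window, creates an attack entry when the threshold is exceeded, and applies the monitor or filter handling until the entry ages out. The threshold, aging time, MAC addresses and packet stream are constructed for the demonstration and are not device defaults.

```python
from collections import defaultdict, deque

WINDOW = 5  # seconds: the detection window described on this page

class ArpSourceMacDetector:
    """Count ARP packets per source MAC in a 5-second window; when the count
    exceeds the threshold, add an attack entry that lives for `aging` seconds.
    'monitor' only logs; 'filter' logs and drops ARP packets from that MAC
    until the entry expires, after which its packets are processed again."""

    def __init__(self, threshold, mode="filter", aging=30):
        # threshold/aging values are constructed for the demo, not vendor defaults
        self.threshold, self.mode, self.aging = threshold, mode, aging
        self.window = defaultdict(deque)  # mac -> timestamps of recent ARP packets
        self.entries = {}                 # mac -> expiry time of its attack entry
        self.logs = []

    def handle(self, ts, src_mac):
        """Return 'forward' or 'drop' for an ARP packet from src_mac at time ts."""
        for mac, expiry in list(self.entries.items()):  # age out expired entries
            if ts >= expiry:
                del self.entries[mac]
        if src_mac in self.entries:  # entry still live: handle per mode, no re-counting
            return "drop" if self.mode == "filter" else "forward"
        q = self.window[src_mac]
        q.append(ts)
        while ts - q[0] >= WINDOW:  # slide the 5-second window
            q.popleft()
        if len(q) > self.threshold:
            self.entries[src_mac] = ts + self.aging
            self.logs.append(f"t={ts}: ARP attack entry added for {src_mac} ({self.mode})")
            q.clear()
            return "drop" if self.mode == "filter" else "forward"
        return "forward"

ATTACKER = "000f-e2aa-bbb1"  # constructed MACs in Comware notation
LEGIT = "000f-e2cc-ddd2"

def run_sample(mode):
    """Replay a constructed stream: 12 ARP packets from ATTACKER within 3 s
    (threshold 10), 3 normal packets from LEGIT, then ATTACKER again while its
    entry lives (t=10) and after it has aged out (t=40)."""
    det = ArpSourceMacDetector(threshold=10, mode=mode, aging=30)
    events = [(t // 4, ATTACKER) for t in range(12)]  # four packets at t=0, 1, 2
    events += [(1, LEGIT), (3, LEGIT), (50, LEGIT), (10, ATTACKER), (40, ATTACKER)]
    verdicts = {ATTACKER: [], LEGIT: []}
    for ts, mac in sorted(events, key=lambda e: e[0]):  # stable sort keeps order within a second
        verdicts[mac].append(det.handle(ts, mac))
    return verdicts, det.logs
```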
[Figure 134 diagram labels: IP network, Gateway, Device, R&D Office, VLAN 10, VLAN 20, Host A, Host B, Host C, Host D]
ARP attack protection