R2511-HP MSR Router Series Security Configuration Guide(V5)

You can exclude the MAC addresses of gateways and servers from detection. ARP packets from an excluded MAC address are never inspected, so an excluded device that is compromised or spoofed will not be detected or filtered. Keep the exclusion list as short as possible and limit it to devices whose MAC addresses you control.
To configure source MAC-based ARP attack detection:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Enable source MAC-based ARP attack detection and specify the handling method.
    Command: arp anti-attack source-mac { filter | monitor }
    Remarks: Disabled by default. In filter mode the device drops ARP packets from a detected attacking MAC address; in monitor mode it only records the attack entry.

Step 3. Configure the threshold.
    Command: arp anti-attack source-mac threshold threshold-value
    Remarks: Optional.

Step 4. Configure the lifetime for ARP attack entries.
    Command: arp anti-attack source-mac aging-time time
    Remarks: Optional. 300 seconds by default.

Step 5. Configure excluded MAC addresses.
    Command: arp anti-attack source-mac exclude-mac mac-address&<1-n>
    Remarks: Optional. No MAC address is excluded by default. You can specify up to 64 MAC addresses in one command (the value range of n is 1 to 64).
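The following configuration walks through the five steps above on a gateway. It is added here as an illustration of the procedure and is not taken from the guide's own configuration example. The device name Device, the threshold 30, the aging time 600 seconds and the server MAC address 000f-e21c-a0cd are assumptions chosen for illustration; the MAC address is written in the H-H-H form the CLI expects.

```text
# Enter system view (Step 1).
<Device> system-view

# Step 2: enable detection in monitor mode first, so that entries are
# recorded but nothing is dropped while a threshold is being tuned.
[Device] arp anti-attack source-mac monitor

# Step 3: treat more than 30 ARP packets from one source MAC within the
# detection interval as an attack (30 is an assumed value, not a default
# stated on this page).
[Device] arp anti-attack source-mac threshold 30

# Step 4: keep attack entries for 600 seconds instead of the 300-second default.
[Device] arp anti-attack source-mac aging-time 600

# Step 5: never inspect ARP from the trusted DHCP/DNS server (assumed MAC).
[Device] arp anti-attack source-mac exclude-mac 000f-e21c-a0cd

# After reviewing the entries for a while, switch from monitor to filter so
# that packets from detected attacking MAC addresses are dropped.
[Device] arp anti-attack source-mac filter
[Device] quit

# Verify which MAC addresses have been flagged (available in any view).
<Device> display arp anti-attack source-mac
```

Running in monitor mode before filter mode avoids cutting off legitimate hosts that happen to burst ARP traffic (for example after a link flap); the display command shows which MAC addresses would have been filtered, and the threshold can be raised or the exclusion list adjusted before filtering is turned on.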
Displaying and maintaining source MAC-based ARP attack detection

Task: Display attacking MAC addresses detected by source MAC-based ARP attack detection.
    Command: display arp anti-attack source-mac [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ]
    Remarks: Available in any view.

Source MAC-based ARP attack detection configuration example
Network requirements
As shown in Figure 135, the hosts access the Internet through a gateway (Device). If malicious users send a large number of ARP requests to the gateway, the gateway might be overwhelmed or crash and fail to process ARP requests from legitimate clients. To solve this problem, configure source MAC-based ARP attack detection on the gateway so that ARP packets from any source MAC address that exceeds the threshold are detected and filtered.