4000 Router Series Security Command Reference

397

Predefined user roles

network-admin

Usage guidelines

Use the command together with the snmp-agent target-host command. The snmp-agent target-host

command specifies the notification type (inform or trap) and the destination host.

Examples

# Enable the device to send notifications for ARP rate limit.

<Sysname> system-view

[Sysname] snmp-agent trap enable arp rate-limit

Source MAC-based ARP attack detection

commands

arp source-mac

Use arp source-mac to enable the source MAC-based ARP attack detection and specify a handling

method.

Use undo arp source-mac to restore the default.

Syntax

arp source-mac { filter | monitor }

undo arp source-mac [ filter | monitor ]

Default

The source MAC-based ARP attack detection function is disabled.

Views

System view

Predefined user roles

network-admin

Parameters

filter: Generates log messages and discards subsequent ARP packets from the MAC address.

monitor: Only generates log message.

Usage guidelines

Configure this feature on the gateways.

This function enables the router to check the source MAC address of ARP packets received from the same

MAC address within 5 seconds against a specific threshold. If the threshold is exceeded, the router takes

the preconfigured method to handle the attack.

If neither the filter nor the monitor keyword is specified in the undo arp anti-attack source-mac command,

both handling methods are disabled.