R0106-HP MSR Router Series Security Configuration Guide(V7)
You can exclude the MAC addresses of some gateways and servers from this detection. This feature does
not inspect ARP packets from those devices even if they are attackers.
Configuration procedure
To configure source MAC-based ARP attack detection:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Enable source MAC-based ARP attack detection and specify the handling method.
    Command: arp source-mac { filter | monitor }
    Remarks: By default, this feature is disabled.

Step 3. Configure the threshold.
    Command: arp source-mac threshold threshold-value
    Remarks: By default, the threshold is 30.

Step 4. Configure the aging timer for ARP attack entries.
    Command: arp source-mac aging-time time
    Remarks: By default, the lifetime is 300 seconds.

Step 5. (Optional.) Exclude specific MAC addresses from this detection.
    Command: arp source-mac exclude-mac mac-address&<1-n>
    Remarks: By default, no MAC address is excluded. The value of n is 64.
NOTE:
When an ARP attack entry is aged out, ARP packets sourced from the MAC address in that entry are processed normally again; in filter mode the MAC is therefore only blocked for the aging time, after which the count starts over.
Displaying and maintaining source MAC-based ARP attack detection
Execute display commands in any view.

Task: Display ARP attack entries detected by source MAC-based ARP attack detection (MSR2000/MSR3000).
    Command: display arp source-mac [ interface interface-type interface-number ]

Task: Display ARP attack entries detected by source MAC-based ARP attack detection (MSR4000).
    Command: display arp source-mac { slot slot-number | interface interface-type interface-number }
Configuration example
Network requirements
As shown in Figure 121, the hosts access the Internet through a gateway (Device). If malicious users send a large number of ARP requests to the gateway, the gateway's CPU can be overwhelmed and the gateway can no longer process ARP requests from legitimate clients. To solve this problem, configure source MAC-based ARP attack detection on the gateway.
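The command sequence below is an added illustration of the procedure applied to this scenario; it is not the guide's own configuration. The device name, the excluded MAC address, the interface name and the non-default aging time of 60 seconds are assumed values.

```text
# Added example (not from the guide). Assumed: device name Device, server MAC 0001-0002-0003,
# interface GigabitEthernet 1/0/1 facing the hosts.
<Device> system-view
# Start in monitor mode to see which MACs would be affected without dropping traffic.
[Device] arp source-mac monitor
[Device] arp source-mac threshold 30
# Block a flagged MAC for 60 s instead of the default 300 s (assumed value).
[Device] arp source-mac aging-time 60
# Never inspect ARP from a legitimately chatty server (assumed MAC).
[Device] arp source-mac exclude-mac 0001-0002-0003
# Check detected entries on the host-facing interface (MSR2000/MSR3000 form of the command).
[Device] display arp source-mac interface gigabitethernet 1/0/1
# Once the entries contain only real attackers, switch to filtering.
[Device] arp source-mac filter
```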