HP VPN Firewall Appliances Attack Protection Command Reference

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Usage guidelines

If you do not specify any interface, the display arp anti-attack source-mac command displays ARP attack

entries detected on all interfaces.

Examples

# Display the ARP attack entries detected by source MAC-based ARP attack detection.

<Sysname> display arp anti-attack source-mac

Source-MAC VLAN ID Interface Aging-time

23f3-1122-3344 4094 GE0/1 10

23f3-1122-3355 4094 GE0/2 30

23f3-1122-33ff 4094 GE0/3 25

23f3-1122-33ad 4094 GE0/4 30

23f3-1122-33ce 4094 GE0/5 2

ARP packet source MAC consistency check

configuration commands

The following matrix shows the feature and hardware compatibility:

Hardware Com

atibilit

F1000-A-EI/F1000-S-EI Yes

F1000-E No

F5000 No

F5000-S/F5000-C No

VPN firewall modules No

20-Gbps VPN firewall modules No

arp anti-attack valid-ack enable

Use arp anti-attack valid-check enable to enable ARP packet source MAC address consistency check on

the gateway.

Use undo arp anti-attack valid-check enable to restore the default.

Syntax

arp anti-attack valid-check enable

undo arp anti-attack valid-check enable

Default

ARP packet source MAC address consistency check is disabled.