Manualshelf

HP VPN Firewall Appliances Attack Protection Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
51525354555657585960
52
Ste
p
Command
Remarks
3. Configure the threshold.
arp anti-attack source-mac
threshold threshold-value
Optional.
50 by default.
4. Configure the lifetime for ARP attack
entries.
arp anti-attack source-mac
aging-time time
Optional.
300 seconds by default.
5. Configure excluded MAC
addresses.
arp anti-attack source-mac
exclude-mac mac-address&<1-n>
Optional.
No MAC address is excluded
by default.
Displaying and maintaining source MAC-based ARP attack
detection
Task Command
Remarks
Display attacking MAC addresses
detected by source MAC-based ARP
attack detection.
display arp anti-attack source-mac [ interface
interface-type interface-number ] [ | { begin |
exclude | include } regular-expression ]
Available in any
view.
Source MAC-based ARP attack detection configuration
example
Network requirements
As shown in Figure 46, the hosts access the Internet through a gateway (Device). If malicious users send
a large number of ARP requests to the gateway, the gateway might crash and cannot process requests
from the clients. To solve this problem, configure source MAC-based ARP attack detection on the
gateway.