Configuration procedure, Configuring protected mac addresses, Configuring the threshold – H3C Technologies H3C S5120 Series Switches User Manual

Configuration Procedure

Enabling source MAC address based ARP attack detection

After this feature is enabled for a device, if the number of ARP packets it receives from a MAC address within five seconds exceeds the specified value, it generates an alarm and filters out ARP packets sourced from that MAC address (in filter mode), or only generates an alarm (in monitor mode).

Follow these steps to configure source MAC address based ARP attack detection:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | |
| Enable source MAC address based ARP attack detection and specify the detection mode | arp anti-attack source-mac { filter \| monitor } | Required. Disabled by default. |

Configuring protected MAC addresses

A protected MAC address is excluded from ARP attack detection even if it is an attacker. You can specify certain MAC addresses, such as those of a gateway or important servers, as protected MAC addresses.

Follow these steps to configure protected MAC addresses:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | |
| Configure protected MAC addresses | arp anti-attack source-mac exclude-mac mac-address&<1-10> | Optional. Not configured by default. |

Configuring the aging timer for protected MAC addresses

Follow these steps to configure the aging timer for protected MAC addresses:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | |
| Configure aging timer for protected MAC addresses | arp anti-attack source-mac aging-time time | Optional. Five minutes by default. |

Configuring the threshold

Follow these steps to configure the threshold:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | |
| Configure the threshold | arp anti-attack source-mac threshold threshold-value | Optional. 50 by default. |
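
How the settings above interact (detection mode, threshold, protected MAC addresses, aging time), shown as an added Python model that is not H3C code and not part of the manual. It assumes a sliding five-second window and that the detection entry for a flagged MAC address is removed once the aging time has elapsed; the class, function and MAC address values are constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW = 5.0  # seconds; the detection interval stated in the manual

class SourceMacArpDetector:
    """Toy model of source MAC address based ARP attack detection."""

    def __init__(self, mode="monitor", threshold=50, aging_time=300.0, exclude=()):
        if mode not in ("filter", "monitor"):
            raise ValueError("mode must be 'filter' or 'monitor'")
        self.mode, self.threshold, self.aging_time = mode, threshold, aging_time
        self.exclude = {m.lower() for m in exclude}  # exclude-mac list
        self.recent = defaultdict(deque)             # MAC -> recent ARP arrival times
        self.flagged = {}                            # MAC -> time the entry was created
        self.alarms = []                             # (time, MAC), one per detection

    def receive(self, now, src_mac):
        """Return True if the ARP packet is accepted, False if it is filtered."""
        mac = src_mac.lower()
        if mac in self.exclude:                      # protected: never inspected
            return True
        # Assumption: a detection entry ages out aging_time seconds after creation.
        if mac in self.flagged and now - self.flagged[mac] >= self.aging_time:
            del self.flagged[mac]
            self.recent[mac].clear()
        if mac in self.flagged:                      # already detected
            return self.mode != "filter"
        times = self.recent[mac]
        times.append(now)
        while now - times[0] >= WINDOW:              # assumption: sliding window
            times.popleft()
        if len(times) > self.threshold:              # "exceeds the specified value"
            self.flagged[mac] = now
            self.alarms.append((now, mac))
            return self.mode != "filter"             # monitor mode only raises the alarm
        return True

def replay(detector, events):
    """Feed (time, mac) events; return the number of accepted packets per MAC."""
    accepted = defaultdict(int)
    for now, mac in events:
        accepted[mac.lower()] += detector.receive(now, mac)
    return dict(accepted)

# Constructed sample: a host and a gateway each send 100 ARP packets within one second.
NOISY, GATEWAY = "0000-5e00-5301", "0000-5e00-5302"
EVENTS = [(i * 0.01, mac) for i in range(100) for mac in (NOISY, GATEWAY)]
```

Replaying `EVENTS` in filter mode with `GATEWAY` excluded drops the noisy host's traffic after its first 50 packets while the gateway is never inspected, which is why the exclude list should hold only addresses that legitimately send ARP at high rates.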