3Com S7906E Installation Instructions

| To do… | Use the command… | Remarks |
|---|---|---|
| Enable source MAC address based ARP attack detection and specify the detection mode | `arp anti-attack source-mac { filter \| monitor }` | Required. Disabled by default. |
| Configure the threshold | `arp anti-attack source-mac threshold threshold-value` | Optional. 50 by default. |
| Configure the aging timer for source MAC address based ARP attack detection entries | `arp anti-attack source-mac aging-time time` | Optional. Five minutes by default. |
| Configure protected MAC addresses | `arp anti-attack source-mac exclude-mac mac-address&<1-10>` | Optional. Not configured by default. |
 
 
After an ARP attack detection entry expires, the MAC address in that entry is treated as an ordinary MAC address again.
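
The following Python model is an added example, not code from the 3Com manual or from the switch: it shows how the detection mode, threshold, aging timer and protected MAC list in the table above interact when ARP traffic is replayed through them. The five-second counting window, the drop-versus-log behaviour of filter and monitor, the aging time being counted in seconds, all class and function names, and the sample MAC addresses are assumptions made for illustration.

```python
WINDOW = 5.0  # seconds per counting interval: an assumption, not stated on the page


class SourceMacArpDetector:
    """Simplified model of the table's settings; not the switch's own code."""

    def __init__(self, mode="monitor", threshold=50, aging_time=300, exclude=()):
        if mode not in ("filter", "monitor"):
            raise ValueError("mode must be 'filter' or 'monitor'")
        self.mode, self.threshold, self.aging_time = mode, threshold, aging_time
        self.exclude = {m.lower() for m in exclude}  # exclude-mac list
        self.windows = {}     # mac -> [window start, packet count]
        self.entries = {}     # mac -> expiry time of its attack detection entry
        self.detections = []  # (time, mac) recorded each time an entry is created

    def _verdict(self):
        # Assumed semantics: filter drops the flagged MAC's ARP, monitor only logs.
        return "drop" if self.mode == "filter" else "forward"

    def packet(self, now, src_mac):
        """Return 'forward' or 'drop' for one ARP packet seen at time `now`."""
        mac = src_mac.lower()
        if mac in self.exclude:              # protected MACs are never flagged
            return "forward"
        if mac in self.entries:
            if now < self.entries[mac]:      # entry still live
                return self._verdict()
            del self.entries[mac]            # aged out: MAC is ordinary again
        win = self.windows.setdefault(mac, [now, 0])
        if now - win[0] >= WINDOW:           # start a fresh counting interval
            win[0], win[1] = now, 0
        win[1] += 1
        if win[1] <= self.threshold:
            return "forward"
        self.entries[mac] = now + self.aging_time  # threshold exceeded
        self.detections.append((now, mac))
        win[1] = 0
        return self._verdict()


def replay(detector, packets):
    """Feed (time, source MAC) pairs to the detector and collect the verdicts."""
    return [detector.packet(t, mac) for t, mac in packets]


# Constructed sample traffic: one host sends 60 ARP packets in 0.6 s, and a
# gateway (a candidate for exclude-mac) does the same.
FLOOD = [(i / 100, "0000-5e00-5301") for i in range(60)]
GATEWAY = [(i / 100, "0000-5e00-53fe") for i in range(60)]
```

Replaying the same capture in monitor mode first shows which source MAC addresses would be flagged, and therefore which legitimate high-volume senders belong in the protected list, before filter mode starts dropping their ARP packets.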
 
Displaying and Maintaining Source MAC Address Based ARP Attack Detection 
| To do… | Use the command… | Remarks |
|---|---|---|
| Display attacking entries detected (for distributed devices) | `display arp anti-attack source-mac { slot slot-number \| interface interface-type interface-number }` | Available in any view |
| Display attacking entries detected (for distributed IRF devices) | `display arp anti-attack source-mac { chassis chassis-number slot slot-number \| interface interface-type interface-number }` | Available in any view |
 
Configuring ARP Packet Rate Limit 
Introduction 
This feature allows you to limit the rate at which ARP packets are delivered to the CPU. For example, if an
attacker sends a large number of ARP packets to a device with ARP detection enabled, the CPU of the
device may become overloaded because all the ARP packets are redirected to the CPU for checking.
As a result, the device fails to deliver other functions properly or even crashes. To prevent this,
configure the ARP packet rate limit.
It is recommended that you enable this feature after ARP detection is configured, or use this feature
to prevent ARP flood attacks.
Configuring the ARP Packet Rate Limit Function 
Follow these steps to configure ARP packet rate limit in Ethernet interface view: