Инструкции По Установке для 3com S7906E
1-4
To do…
Use the command…
Remarks
Enable source MAC address
based ARP attack detection
and specify the detection mode
based ARP attack detection
and specify the detection mode
arp anti-attack source-mac
{ filter | monitor }
{ filter | monitor }
Required
Disabled by default.
Configure the threshold
arp anti-attack source-mac
threshold threshold-value
threshold threshold-value
Optional
50 by default.
Configure the aging timer for
source MAC address based
ARP attack detection entries
source MAC address based
ARP attack detection entries
arp anti-attack source-mac
aging-time time
aging-time time
Optional
Five minutes by default.
Configure protected MAC
addresses
addresses
arp anti-attack source-mac
exclude-mac
mac-address&<1-10>
exclude-mac
mac-address&<1-10>
Optional
Not configured by default.
After an ARP attack detection entry expires, the MAC address of the entry becomes ordinary.
Displaying and Maintaining Source MAC Address Based ARP Attack Detection
To do…
Use the command…
Remarks
Display attacking entries
detected (for distributed devices)
detected (for distributed devices)
display arp anti-attack source-mac { slot
slot-number | interface interface-type
interface-number }
slot-number | interface interface-type
interface-number }
Available in any
view
view
Display attacking entries
detected (for distributed IRF
devices)
detected (for distributed IRF
devices)
display arp anti-attack source-mac
{ chassis chassis-number slot slot-number |
interface interface-type interface-number }
{ chassis chassis-number slot slot-number |
interface interface-type interface-number }
Available in any
view
view
Configuring ARP Packet Rate Limit
Introduction
This feature allows you to limit the rate of ARP packets to be delivered to the CPU. For example, if an
attacker sends a large number of ARP packets to an ARP detection enabled device, the CPU of the
device may become overloaded because all the ARP packets are redirected to the CPU for checking.
As a result, the device fails to deliver other functions properly or even crashes. To prevent this, you
need to configure ARP packet rate limit.
It is recommended that you enable this feature after the ARP detection is configured, or use this feature
to prevent ARP flood attacks.
Configuring the ARP Packet Rate Limit Function
Follow these steps to configure ARP packet rate limit in Ethernet interface view: