HP 6125XLG R2306-HP 6125XLG Blade Switch Security Configuration Guide - Page 183
Configuration guidelines, Configuration procedure, Configuring source MAC-based ARP attack detection
Configuration guidelines

Configure this feature when ARP detection or ARP snooping is enabled, or when ARP flood attacks are detected.

Configuration procedure

This task sets a rate limit for ARP packets received on an interface. Log messages are sent to the information center of the device. You can set output rules for log messages on the information center. For more information about the information center, see Network Management and Monitoring Configuration Guide.

To configure ARP packet rate limit:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter Ethernet interface or aggregate interface view. | interface interface-type interface-number | N/A |
| 3. Enable ARP packet rate limit and configure the rate limit. | arp rate-limit [ pps ] | By default, ARP packet rate limit is enabled and the rate limit is 100 pps. |

NOTE: If you configure ARP packet rate limit on an aggregate interface, log messages are sent when the ARP packet receiving rate on a member interface exceeds the limit.

Configuring source MAC-based ARP attack detection

This feature checks the number of ARP packets received from the same MAC address within 5 seconds against a specified threshold. If the threshold is exceeded, the device adds the MAC address to an ARP attack entry. Before the entry is aged out, the device handles the attack by using either of the following methods:

• Monitor: Generates log messages.
• Filter: Generates log messages and filters out subsequent ARP packets from that MAC address.

You can exclude the MAC addresses of some gateways and servers from this detection. This feature does not inspect ARP packets from those devices even if they are attackers.

Configuration procedure

To configure source MAC-based ARP attack detection:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
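The source MAC-based detection logic described above can be modelled in a few lines of Python to see how the threshold, the two handling methods, and the exclusion list interact. This is an added example, not HP code or the switch's implementation; the threshold, the aging time, the fixed 5-second windows, the MAC addresses, and the names `SourceMacArpDetector` and `replay` are assumptions made for illustration.

```python
from collections import defaultdict

WINDOW = 5.0  # seconds: the counting interval stated in the guide


class SourceMacArpDetector:
    """Simplified model of the feature; not the switch's implementation."""

    def __init__(self, threshold, aging_time, mode="filter", exclude=()):
        if mode not in ("monitor", "filter"):
            raise ValueError("mode must be 'monitor' or 'filter'")
        self.threshold = threshold    # ARP packets allowed per window (assumed value)
        self.aging_time = aging_time  # lifetime of an attack entry, seconds (assumed)
        self.mode = mode
        self.exclude = {m.lower() for m in exclude}
        self.windows = defaultdict(lambda: [0.0, 0])  # mac -> [window start, count]
        self.entries = {}             # mac -> time the attack entry ages out
        self.logs = []                # (timestamp, mac) for each entry created

    def receive(self, ts, src_mac):
        """Return True if the ARP packet is forwarded, False if it is filtered."""
        mac = src_mac.lower()
        if mac in self.exclude:       # excluded devices are never inspected
            return True
        if mac in self.entries:
            if ts < self.entries[mac]:
                return self.mode == "monitor"  # filter mode drops, monitor forwards
            del self.entries[mac]     # entry aged out: resume counting
            self.windows.pop(mac, None)
        win = self.windows[mac]
        if win[1] == 0 or ts - win[0] >= WINDOW:  # assumed: fixed 5 s windows
            win[0], win[1] = ts, 0
        win[1] += 1
        if win[1] > self.threshold:   # threshold exceeded: add the attack entry
            self.entries[mac] = ts + self.aging_time
            self.logs.append((ts, mac))
        return True                   # only *subsequent* packets are filtered


def replay(detector, packets):
    """Feed (timestamp, src_mac) pairs in order; return the filtered ones."""
    return [p for p in packets if not detector.receive(*p)]


# Constructed traffic: a flooding host and a busy gateway, 10 ARP packets/s each.
FLOODER, GATEWAY = "00e0-fc00-0001", "00e0-fc00-00fe"
SAMPLE = sorted((i / 10, mac) for i in range(40) for mac in (FLOODER, GATEWAY))
```

Replaying `SAMPLE` with the gateway excluded filters only the flooding host's packets after its entry is created; without the exclusion the equally busy gateway is filtered too, which is the reason to exclude known high-volume ARP sources.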