beautypg.com

Configuring snmp notifications for ike, Configuring source mac-based arp attack detection, Configuration guidelines – H3C Technologies H3C S12500-X Series Switches User Manual

Page 231: Configuration procedure

background image

219

302B

Configuration guidelines

Configure this feature when ARP detection, ARP snooping, ARP fast-reply, or MFF is enabled, or when

ARP flood attacks are detected.

303B

Configuration procedure

This task sets a rate limit for ARP packets received on an interface. When the receiving rate of ARP

packets on the interface exceeds the rate limit, those packets are discarded. You can enable sending

notifications to the SNMP module or enabling logging for ARP packet rate limit. If sending notifications
is enabled for the events, you must use the snmp-agent target-host to set the notification type and target

host. For more information about notifications, see Network Management and Monitoring Command

Reference.
To configure ARP packet rate limit:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

(Optional.) Enable notification
sending for ARP.

snmp-agent trap enable arp
[ rate-limit ]

By default, notification sending for
ARP is disabled.

3.

(Optional.) Enable logging for
ARP packet rate limit.

arp rate-limit log enable

By default, logging for ARP packet
rate limit is disabled.

4.

(Optional.) Set the notification
and log message sending

interval.

arp rate-limit log interval
seconds

By default, the device sends
notifications and log messages at an
interval of 60 seconds.

5.

Enter Layer 2 Ethernet
interface view.

interface interface-type
interface-number

N/A

6.

Enable ARP packet rate limit
and configure the rate limit.

arp rate-limit [ pps ]

By default, ARP packet rate limit is
enabled, and the rate limit is 2000

pps.

134B

Configuring source MAC-based ARP attack

detection

This feature checks the number of ARP packets received from the same MAC address within 5 seconds

against a specific threshold. If the threshold is exceeded, the device adds the MAC address in an ARP

attack entry. Before the entry is aged out, the device handles the attack by using either of the following

methods:

Monitor—Only generates log messages.

Filter—Generates log messages and filters out subsequent ARP packets from that MAC address.

You can exclude the MAC addresses of some gateways and servers from this detection. This feature does
not inspect ARP packets from those devices even if they are attackers.

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: