Enabling ARP black hole routing, Configuring ARP active acknowledgement, Introduction – H3C Technologies H3C S7500E Series Switches User Manual

Enabling ARP Black Hole Routing

Follow these steps to configure ARP black hole routing:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | |
| Enable ARP black hole routing | arp resolving-route enable | Optional. Enabled by default. |

Displaying and Maintaining ARP Defense Against IP Packet Attacks

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Display the ARP source suppression configuration information | display arp source-suppression | Available in any view |

Configuring ARP Active Acknowledgement

Introduction

Typically, the ARP active acknowledgement feature is configured on gateway devices to identify invalid ARP packets.

ARP active acknowledgement works before the gateway creates or modifies an ARP entry to avoid generating any incorrect ARP entry. For details about its working mechanism, refer to ARP Attack Protection Technology White Paper.

Configuring the ARP Active Acknowledgement Function

Follow these steps to configure ARP active acknowledgement:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | |
| Enable the ARP active acknowledgement function | arp anti-attack active-ack enable | Required. Disabled by default. |

Configuring Source MAC Address Based ARP Attack Detection

Introduction

This feature allows the device to check the source MAC address of ARP packets. If the number of ARP packets sent from a MAC address within five seconds exceeds the specified value, the device considers this an attack and adds the MAC address to the attack detection table. Before the attack