Displaying And Maintaining Source Mac Address Based Arp Attack Detection - HP 12500 Series Configuration Manual

You can exclude the MAC addresses of some gateways and servers from detection. This feature does not
inspect ARP packets from those devices even if they are attackers.
Only the ARP packets delivered to the CPU are checked.
To configure source MAC address based ARP attack detection:

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Enable source MAC address based ARP attack detection and specify the handling method.
   Command: arp anti-attack source-mac { filter | monitor }
   Remarks: Disabled by default.

3. Configure the threshold.
   Command: arp anti-attack source-mac threshold threshold-value
   Remarks: Optional. 150 by default.

4. Configure the age time for ARP attack entries.
   Command: arp anti-attack source-mac aging-time time
   Remarks: Optional. 300 seconds by default.

5. Exclude specified MAC addresses from this detection.
   Command: arp anti-attack source-mac exclude-mac mac-address&<1-n>
   Remarks: Optional. No MAC address is excluded by default. The maximum value for n is 64.

NOTE:
After an ARP attack detection entry expires, ARP packets sourced from the MAC address in the entry can
be processed normally.

Displaying and maintaining source MAC address based ARP attack detection

Task: Display attacking entries detected (in standalone mode).
Command: display arp anti-attack source-mac { slot slot-number | interface interface-type interface-number } [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.

Task: Display attacking entries detected (in IRF mode).
Command: display arp anti-attack source-mac { chassis chassis-number slot slot-number | interface interface-type interface-number } [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.
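
The following Python model is an added illustration, not code from the HP manual or the switch software. It replays a constructed packet stream to show how the handling method, threshold, age time and exclusion list from the configuration steps interact; the 5-second counting window, the verdict names ('pass', 'log', 'drop') and the MAC addresses are assumptions made for the example.

```python
from collections import Counter, defaultdict, deque

WINDOW = 5.0  # assumption: counting interval in seconds (not stated on this page)

class SourceMacArpDetector:
    """Simplified model: per-source-MAC ARP rate check with aging and exclusions."""
    def __init__(self, mode="filter", threshold=150, aging_time=300, exclude=()):
        if mode not in ("filter", "monitor"):
            raise ValueError("mode must be 'filter' or 'monitor'")
        if len(exclude) > 64:
            raise ValueError("at most 64 MAC addresses can be excluded")
        self.mode, self.threshold, self.aging_time = mode, threshold, aging_time
        self.exclude = {m.lower() for m in exclude}
        self.recent = defaultdict(deque)  # MAC -> packet times inside WINDOW
        self.entries = {}                 # MAC -> expiry time of its attack entry

    def process(self, ts, src_mac):
        """Classify one CPU-bound ARP packet as 'pass', 'log' or 'drop'."""
        mac = src_mac.lower()
        if mac in self.exclude:           # excluded devices are never inspected
            return "pass"
        hit = "drop" if self.mode == "filter" else "log"  # 'log' = flagged only
        if mac in self.entries:
            if ts < self.entries[mac]:
                return hit                # attack entry still active
            del self.entries[mac]         # entry aged out: process normally again
        seen = self.recent[mac]
        seen.append(ts)
        while ts - seen[0] >= WINDOW:     # forget packets older than the window
            seen.popleft()
        if len(seen) > self.threshold:    # threshold exceeded: create an entry
            self.entries[mac] = ts + self.aging_time
            seen.clear()
            return hit
        return "pass"

def replay(detector, packets):
    """Count verdicts per source MAC for (timestamp, mac) pairs."""
    return Counter((mac, detector.process(ts, mac)) for ts, mac in packets)

# Constructed traffic: two hosts send 200 ARP packets each in one second.
FLOODER, GATEWAY = "0000-5e00-5301", "0000-5e00-5302"
BURST = [(i * 0.005, mac) for i in range(200) for mac in (FLOODER, GATEWAY)]
LATER = [(100.0, FLOODER), (301.0, FLOODER)]  # during and after the age time

if __name__ == "__main__":
    det = SourceMacArpDetector(mode="filter", exclude=[GATEWAY])
    for (mac, verdict), n in sorted(replay(det, BURST + LATER).items()):
        print(mac, verdict, n)
```

With the gateway excluded, its burst passes uninspected, which is the trade-off the exclusion list carries: an excluded address is never flagged, so the list is best kept to devices that are expected to generate high ARP volume.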
