< Home

Configuring the Alarm Function for Potential ARP Attacks

Context

After rate-limiting on ARP packets based on the source IP address is enabled, the device discards the excess ARP packets if the number of ARP packets the device receives per second exceeds the limit. The device considers the excess ARP packets as potential attacks. The device sends ARP alarms indicating potential attacks to the NMS. To avoid excessive alarms, reduce the alarm quantity by setting a proper interval for sending alarms.

The configuration takes effect only on the alarm for ARP rate-limiting based on source IP addresses (corresponding to arp speed-limit source-ip). The other ARP alarms are generated at a fixed interval of 5 minutes.

Procedure

  1. Run the system-view command to enter the system view.
  2. Run the arp anti-attack log-trap-timer time command to set the interval for sending ARP alarms.

    The default interval for sending alarms is 0, indicating that the device does not send ARP alarms.

Parent Topic: Maintaining ARP Security
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic