Configuring ARP attack defense on H3C devices

ARP active acknowledgment configuration commands

 

The ARP active acknowledgment feature is used mainly on gateway devices, to prevent attackers from impersonating legitimate users to deceive the gateway device. The strict parameter turns strict mode for active acknowledgment on or off. With strict mode on, ARP active acknowledgment performs more stringent checks before creating a new ARP entry: the device must itself have initiated ARP resolution for the IP address, the normal active acknowledgment process is triggered only after that resolution succeeds, and the device is allowed to learn the entry only after the active acknowledgment process succeeds.

Command

<H3C>system-view
[H3C]arp active-ack enable

Configuration commands for ARP defense against IP packet attacks

Enabling this feature on gateway devices is recommended.
ARP source suppression is disabled by default.

# Enable ARP source suppression.
<H3C>system-view
[H3C]arp source-suppression enable

Configuration commands for ARP defense against IP packet attacks

If, within any 5-second period, the number of IP packets that one IP address sends to an interface of the device with destination IP addresses that cannot be resolved exceeds the configured threshold, the device stops processing IP packets from that IP address until the 5 seconds end, which limits the harm caused by malicious attacks.

# Set the ARP source suppression threshold to 100.
<H3C>system-view
[H3C]arp source-suppression limit 100
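
A simplified Python model of the threshold behaviour described above, as an added example (not H3C code and not part of the original post). The `SourceSuppressor` class, its method names, the window alignment (starting at the first unresolvable packet) and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

WINDOW_SECONDS = 5  # window length stated in the text


@dataclass
class SourceSuppressor:
    """Simplified model of per-source suppression of unresolvable IP packets."""
    limit: int = 100                               # as in `arp source-suppression limit 100`
    resolved: set = field(default_factory=set)     # destination IPs that have an ARP entry
    _windows: dict = field(default_factory=dict)   # src_ip -> [window_start, count]

    def handle(self, now: float, src_ip: str, dst_ip: str) -> str:
        """Return 'forward', 'resolve' (trigger ARP resolution) or 'drop'."""
        window = self._windows.get(src_ip)
        # Assumption: a window starts at the first unresolvable packet and
        # expires WINDOW_SECONDS later; the device's real timer may differ.
        if window and now - window[0] >= WINDOW_SECONDS:
            del self._windows[src_ip]
            window = None
        # Once a source is over the limit, none of its packets are processed.
        if window and window[1] > self.limit:
            return "drop"
        if dst_ip in self.resolved:
            return "forward"
        if window is None:
            window = self._windows[src_ip] = [now, 0]
        window[1] += 1
        return "drop" if window[1] > self.limit else "resolve"


def simulate() -> dict:
    """Replay constructed traffic: one host sweeping unused addresses."""
    s = SourceSuppressor(limit=100, resolved={"10.0.0.20"})
    # Constructed sample: 10.0.0.66 sends to 150 unresolvable addresses in 1.5 s.
    sweep = [s.handle(i * 0.01, "10.0.0.66", f"10.0.1.{i}") for i in range(150)]
    return {
        "resolve_attempts": sweep.count("resolve"),
        "dropped": sweep.count("drop"),
        # While suppressed, even traffic to a resolvable host is not processed.
        "suppressed_to_known": s.handle(2.0, "10.0.0.66", "10.0.0.20"),
        # Other sources are unaffected.
        "other_host": s.handle(2.0, "10.0.0.7", "10.0.0.20"),
        # After the 5 seconds end, the source is processed again.
        "after_window": s.handle(5.0, "10.0.0.66", "10.0.0.20"),
    }


if __name__ == "__main__":
    print(simulate())
```
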

Configuration commands for ARP defense against IP packet attacks

Enabling ARP black hole routing on gateway devices is recommended.

# Enable ARP black hole routing.
<H3C>system-view
[H3C]arp resolving-route enable


Origin www.cnblogs.com/visionv/p/12240081.html