Configuring the Alarm Function for Potential ARP Attacks
Context
After rate limiting on ARP packets or ARP Miss messages is enabled, the device discards the excess ARP packets or ARP Miss messages when the number it receives in a specified period exceeds the limit. The device treats the excess ARP packets or ARP Miss messages as potential attacks, records ARP logs, and sends ARP alarms indicating potential attacks to the NMS.
To avoid excessive alarms and logs when ARP attacks occur, set an appropriate interval for sending alarms and recording logs. This reduces the number of alarms and logs.
Procedure
- Run the system-view command to enter the system view.
- Run the arp anti-attack log-trap-timer time command to set the interval for recording ARP logs and sending ARP alarms.
  The default interval for recording ARP logs and sending alarms is 0, indicating that the device does not record ARP logs or send ARP alarms.
- Run the commit command to commit the configuration.
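The effect of the interval on alarm volume, as an added example that is not part of the original page and is not the device's implementation. It is a simplified model: the per-second limit, the burst timestamps, the function name alarm_records and the "discarded since last alarm" counter are all assumptions made for illustration.

```python
from collections import Counter

def alarm_records(timestamps, limit, interval):
    """Model of the log/alarm throttle (hypothetical helper, not device code).

    timestamps: arrival times in seconds of ARP packets or ARP Miss messages
    limit:      packets allowed per one-second window (assumed window size)
    interval:   seconds between alarms; 0 means no logs or alarms, which is
                the default behaviour the page describes
    Returns (second, discarded_since_last_alarm) tuples, one per alarm.
    """
    if interval == 0:
        return []
    per_second = Counter(int(t) for t in timestamps)
    records, last_alarm, pending = [], None, 0
    for second in sorted(per_second):
        excess = per_second[second] - limit
        if excess <= 0:
            continue  # within the limit: nothing discarded, nothing to report
        pending += excess  # excess packets are discarded and counted
        if last_alarm is None or second - last_alarm >= interval:
            records.append((second, pending))
            last_alarm, pending = second, 0
    return records

# Constructed sample: a 60-second burst of 150 packets per second
# measured against an assumed limit of 100 packets per second.
CONSTRUCTED_BURST = [s + i / 150 for s in range(60) for i in range(150)]

if __name__ == "__main__":
    for interval in (0, 1, 5, 30):
        n = len(alarm_records(CONSTRUCTED_BURST, 100, interval))
        print(f"interval={interval:>2}s -> {n} alarms sent to the NMS")
```

In this model a short interval produces one alarm for nearly every second of the burst, while a longer interval folds the same discarded packets into a few records. An interval of 0 gives the operator no visibility into the burst at all.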