• Huawei device ARP security configuration commands


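    [Huawei]arp speed-limit source-mac maximum 10 //Set the rate limit for ARP packets based on any source MAC address
    [Huawei]arp speed-limit source-mac 1000-0000-0000 maximum 10 //Set the rate limit for ARP packets from the user with the specified MAC address
    [Huawei]arp speed-limit source-ip 10.1.1.1 maximum 30 //Set the rate limit for ARP packets from the user with the specified IP address; the default is 30
    [Huawei-GigabitEthernet0/0/1]arp anti-attack rate-limit 10 //Set the ARP packet rate limit
    [Huawei-GigabitEthernet0/0/1]arp anti-attack rate-limit enable //Enable ARP packet rate limiting
    [Huawei-GigabitEthernet0/0/1]arp anti-attack rate-limit alarm enable //Enable the alarm for ARP packets discarded by rate limiting
    [Huawei-GigabitEthernet0/0/1]arp anti-attack rate-limit alarm threshold 100 //Set the alarm threshold for ARP packets discarded by rate limiting; the default is 100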
    [Huawei-vlan10]arp anti-attack rate-limit 10
    [Huawei-vlan10]arp anti-attack rate-limit enable
    [Huawei-vlan10]arp anti-attack rate-limit alarm enable
    [Huawei-vlan10]arp anti-attack rate-limit alarm threshold 100
    [Huawei]arp-miss speed-limit source-ip maximum 10 //Set the rate limit for ARP Miss messages based on source IP address
    [Huawei]arp-miss speed-limit source-ip 10.1.1.1 maximum 10 //Set the rate limit for ARP Miss messages from the user with the specified IP address
    [Huawei-GigabitEthernet0/0/1]arp-miss anti-attack rate-limit enable //Enable ARP Miss message rate limiting
    [Huawei-GigabitEthernet0/0/1]arp-miss anti-attack rate-limit alarm enable //Enable the alarm for ARP Miss messages discarded by rate limiting
    [Huawei-GigabitEthernet0/0/1]arp-miss anti-attack rate-limit alarm threshold 100 //Set the alarm threshold for ARP Miss messages discarded by rate limiting; the default is 100
    [Huawei-vlan10]arp-miss anti-attack rate-limit enable
    [Huawei-vlan10]arp-miss anti-attack rate-limit alarm enable
    [Huawei-vlan10]arp-miss anti-attack rate-limit alarm threshold 100
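    [Huawei]arp learning strict //Enable strict ARP entry learning globally
    [Huawei-GigabitEthernet0/0/1]arp-limit vlan 10 maximum 10 //Limit the number of ARP entries on a Layer 2 interface
    [Huawei]display arp anti-attack configuration all //Display the ARP anti-attack configuration
    [Huawei]display arp-limit //Display the maximum number of dynamic ARP entries an interface can learn
    [Huawei]display arp learning strict //Display the strict ARP entry learning status globally and on all VLANIF interfaces
    [Huawei]arp anti-attack entry-check fixed-mac enable //Configure ARP entry fixing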
    [Huawei]arp anti-attack entry-check fixed-all enable
    [Huawei]arp anti-attack entry-check send-ack enable
    [Huawei-Vlanif10]arp anti-attack entry-check fixed-mac enable //Enable ARP entry fixing on the interface
    [Huawei-Vlanif10]arp anti-attack entry-check fixed-all enable
    [Huawei-Vlanif10]arp anti-attack entry-check send-ack enable
    [Huawei-GigabitEthernet0/0/1]arp anti-attack check user-bind enable //Enable dynamic ARP inspection (DAI)
    [Huawei-GigabitEthernet0/0/1]arp anti-attack check user-bind check-item ip-address //Set the items checked against the binding table for ARP packets
    [Huawei-GigabitEthernet0/0/1]arp anti-attack check user-bind check-item mac-address
    [Huawei-GigabitEthernet0/0/1]arp anti-attack check user-bind check-item vlan
    [Huawei-GigabitEthernet0/0/1]arp anti-attack check user-bind alarm enable //Enable the alarm for packets discarded by dynamic ARP inspection
    [Huawei-GigabitEthernet0/0/1]arp anti-attack check user-bind alarm threshold 100 //Set the alarm threshold for packets discarded by dynamic ARP inspection; the default is 100
    [Huawei]dhcp enable //Enable DHCP globally
    [Huawei]dhcp snooping enable //Enable DHCP snooping globally
    [Huawei-GigabitEthernet0/0/1]dhcp snooping enable //Enable DHCP snooping on the interface
    [Huawei-GigabitEthernet0/0/1]dhcp snooping trusted //Configure the interface as trusted
    [Huawei-vlan10]dhcp snooping enable
    [Huawei-vlan10]dhcp snooping trusted interface GigabitEthernet 0/0/1
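    [Huawei]arp anti-attack gateway-duplicate enable //Enable defense against ARP gateway-conflict attacks
    [Huawei-Vlanif10]arp gratuitous-arp send enable //Enable sending of gratuitous ARP packets
    [Huawei-Vlanif10]arp gratuitous-arp send interval 60 //Set the interval for sending gratuitous ARP packets; the default is 60 seconds
    [Huawei]arp anti-attack packet-check sender-mac //Enable ARP packet validity checking and specify the check item
    [Huawei-Vlanif10]arp learning dhcp-trigger //Enable DHCP-triggered ARP learning
    [Huawei]display arp anti-attack configuration check user-bind interface GigabitEthernet 0/0/1 //Display the dynamic ARP inspection configuration for a VLAN or interface
    [Huawei]display arp anti-attack gateway-duplicate item //Display the ARP gateway-conflict attack defense entries
    [Huawei]display arp packet statistics //Display statistics on processed ARP packets
    [Huawei]display arp anti-attack statistics check user-bind interface g0/0/1 //Display the count of ARP packets discarded on the interface by the binding-table check
    [Huawei]display arp anti-attack arpmiss-record-info //Display the information recorded when ARP Miss rate limiting is triggered
    reset arp packet statistics //Clear the ARP packet statistics
    reset arp anti-attack statistics check user-bind interface g0/0/1 //Clear the count of ARP packets discarded for not matching the binding table
    reset arp anti-attack statistics rate-limit //Clear the count of ARP packets discarded for exceeding the rate limit
    [Huawei]arp anti-attack log-trap-timer 1 //Set the interval for sending alarms about potential ARP attacks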
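
An added example (not from the original post and not Huawei's own tooling): a Python check that reads a saved configuration and reports where the DHCP snooping, strict ARP learning and dynamic ARP inspection commands listed above are missing. It assumes the usual saved-config layout (`#` separators, sub-commands indented by one space) and exact command text; the sample config, the `LOGICAL` skip list and the finding wording are constructed for illustration.

```python
SAMPLE_CONFIG = """\
#
dhcp snooping enable
#
interface GigabitEthernet0/0/1
 dhcp snooping enable
 arp anti-attack check user-bind enable
#
interface GigabitEthernet0/0/2
 arp anti-attack check user-bind enable
#
interface GigabitEthernet0/0/3
 dhcp snooping enable
#
interface GigabitEthernet0/0/24
 dhcp snooping trusted
#
"""  # constructed sample, not taken from a real device
DAI = "arp anti-attack check user-bind enable"
LOGICAL = ("Vlanif", "LoopBack", "NULL")  # assumed: views where DAI is not set

def parse_views(text):
    """Return (global_lines, {interface: [lines]}) from a saved config."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if raw.startswith(" "):              # sub-command of the open view
            if current is not None:          # ignore non-interface views
                interfaces[current].append(line)
            continue
        # Any unindented line ('#', a global command, a new view) closes the view.
        current = line.split(None, 1)[1] if line.startswith("interface ") else None
        if current is not None:
            interfaces[current] = []
        elif line and line != "#":
            global_lines.append(line)
    return global_lines, interfaces

def audit(text):
    """List (scope, finding) pairs for missing ARP protections."""
    global_lines, interfaces = parse_views(text)
    findings = [("global", f"missing '{cmd}'")
                for cmd in ("dhcp snooping enable", "arp learning strict")
                if cmd not in global_lines]
    for name, lines in interfaces.items():
        if name.startswith(LOGICAL) or "dhcp snooping trusted" in lines:
            continue                         # logical interface or trusted uplink
        if DAI not in lines:
            findings.append((name, "DAI not enabled"))
        elif "dhcp snooping enable" not in lines:
            findings.append((name, "DAI without interface-level DHCP snooping"))
    return findings
```

A "DAI without interface-level DHCP snooping" finding is a prompt to confirm that snooping is enabled in the VLAN view or that static bindings exist, since the user-bind check needs a binding table to match against.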

  • Original article: https://blog.csdn.net/Tony_long7483/article/details/126455469