ARP detection also checks source MAC address consistency of ARP packets, but it is enabled on an
access device to detect only ARP packets sent to it.
Configuring ARP Packet Source MAC Address Consistency Check
Follow these steps to enable ARP packet source MAC address consistency check:
To do...
Enter system view
Enable ARP packet source MAC
address consistency check
Configuring ARP Packet Rate Limit
Introduction
This feature allows you to limit the rate of ARP packets to be delivered to the CPU.
Configuring the ARP Packet Rate Limit Function
Follow these steps to configure ARP packet rate limit:
To do...
Enter system view
Enter Ethernet port view
Configure ARP packet rate limit
Configuring ARP Detection
For information about DHCP snooping, refer to DHCP Configuration in the IP Services Volume.
For information about 802.1X, refer to 802.1X Configuration in the Security Volume.
Introduction to ARP Detection
The ARP detection feature allows only the ARP packets of legal clients to be forwarded.
Use the command...
system-view
arp anti-attack valid-check enable
Use the command...
system-view
interface interface-type
interface-number
arp rate-limit { disable | rate
pps drop }
3-5
Remarks
—
Required
Disabled by default.
Remarks
—
—
Required
By default, the ARP packet rate
limit is enabled and is 100 pps.