Configuring Arp Packet Rate Limit; Configuration Guidelines; Configuration Procedure - HP MSR2000 Configuration Manual
Hide thumbs
Also See for MSR2000:
- Configuration manual (455 pages) ,
- Manual (73 pages) ,
- High availability configuration manual (91 pages)
Table of Contents
Advertisement
Configuring ARP packet rate limit
NOTE:
This feature is not supported in the current release, and it is reserved for future use.
The ARP packet rate limit feature allows you to limit the rate of ARP packets to be delivered to the CPU.
For example, if an attacker sends a large number of ARP packets to an ARP detection enabled device, the
device CPU is overloaded because all ARP packets are redirected to the CPU for inspection. As a result,
the device fails to provide other functions or even crash. To solve this problem, you can configure ARP
packet rate limit.
Configuration guidelines
Configure this feature when ARP detection, ARP snooping, or ARP fast-reply is enabled, or when ARP
flood attacks are detected.
Configuration procedure
This task sets a rate limit for ARP packets received on an interface. When the receiving rate of ARP
packets on the interface exceeds the rate limit, exceeding packets are discarded. You can enable
sending notifications to the SNMP module or outputting log messages for the events. If sending
notifications is enabled for the events, you must use the snmp-agent target-host to set the notification type
and target host. For more information about notifications, see Network Management and Monitoring
Command Reference.
To configure ARP packet rate limit:
Step
1.
Enter system view.
2.
(Optional.) Enable sending
notifications for ARP packet
rate limit.
3.
(Optional.) Enable log output
for ARP packet rate limit.
4.
(Optional.) Set an interval for
sending notifications and
outputting log messages.
5.
Enter Layer 2 Ethernet
interface.
6.
Enable ARP packet rate limit
and configure the rate limit.
Command
system-view
snmp-agent trap enable arp
rate-limit
arp rate-limit log enable
arp rate-limit log interval
seconds
interface interface-type
interface-number
arp rate-limit [ pps ]
275
Remarks
N/A
By default, notification sending for
ARP packet rate limit is disabled.
See the snmp-agent trap enable
command in Network Management
and Monitoring Command
Reference.
By default, log output for ARP packet
rate limit is disabled.
By default, the device sends
notifications and outputs log
messages at an interval of 60
seconds.
N/A
By default, ARP packet rate limit is
enabled.
The default rate limit varies
depending on the device model.
Advertisement
Table of Contents
Troubleshooting
