Configuring Arp Packet Rate Limit - H3C S5830V2 Security Configuration Manual
Hide thumbs
Also See for S5830V2:
- Configuration manual (318 pages) ,
- Command reference manual (301 pages) ,
- Installation manual (63 pages)
Table of Contents
Advertisement
Figure 68 Network diagram
Host A
Configuration considerations
If the attack packets have the same source address, configure the ARP source suppression function as
follows:
1.
Enable ARP source suppression.
2.
Set the threshold to 100. If the number of unresolvable IP packets received from a host within 5
seconds exceeds 100, the device stops resolving packets from the host until the 5 seconds elapse.
If the attack packets have different source addresses, enable the ARP blackhole routing function on the
gateway.
Configuration procedure
# Enable ARP source suppression and set the threshold to 100.
<Device> system-view
[Device] arp source-suppression enable
[Device] arp source-suppression limit 100
# Enable ARP blackhole routing.
[Device] arp resolving-route enable
Configuring ARP packet rate limit
The ARP packet rate limit feature allows you to limit the rate of ARP packets to be delivered to the CPU.
For example, if an attacker sends a large number of ARP packets to an ARP detection enabled device, the
device CPU is overloaded because all ARP packets are redirected to the CPU for inspection. As a result,
the device fails to provide other functions or even crash. To solve this problem, you can configure ARP
packet rate limit.
IP network
Gateway
Device
VLAN 10
Host B
R&D
ARP attack protection
VLAN 20
Host C
Office
214
Host D
Advertisement
Table of Contents
Troubleshooting
