Configuring Arp Packet Rate Limit - HP 5120 SI Series Security Configuration Manual
Hide thumbs
Also See for 5120 SI Series:
- Command reference manual (395 pages) ,
- Installation manual (48 pages) ,
- Specification (33 pages)
Table of Contents
Advertisement
Task
User and
gateway
spoofing
prevention
Configuring ARP packet rate limit
Configuring ARP packet rate limit
This feature allows you to limit the rate of ARP packets to be delivered to the CPU. For example, if an
attacker sends a large number of ARP packets to an ARP detection enabled switch, the CPU of the switch
may become overloaded because all the ARP packets are redirected to the CPU for checking. As a result,
the switch fails to deliver other functions properly or even crashes. To prevent this, you need to configure
ARP packet rate limit.
Enable this feature after the ARP detection or ARP snooping is configured, or use this feature to prevent
ARP flood attacks.
Follow these steps to configure ARP packet rate limit:
To do...
Enter system view
Enter Layer 2 Ethernet port
view/Layer 2 aggregate
interface view
Configure ARP packet rate limit
Configuring ARP packet source MAC address
consistency check
Configuring ARP active acknowledgement
Configuring ARP detection
Configuring ARP gateway protection
Configuring ARP filtering
Use the command...
system-view
interface interface-type interface-number
arp rate-limit { disable | rate pps drop }
Remarks
Optional
Configure this function on gateways
(recommended).
Optional
Configure this function on gateways
(recommended).
Optional
Configure this function on access
devices (recommended).
Optional
Configure this function on access
devices (recommended).
Optional
Configure this function on access
devices (recommended).
305
Remarks
—
—
Required
Disabled by default.
Advertisement
Table of Contents
Troubleshooting
