Configuring Arp Packet Rate Limit; Introduction; Configuration Procedure - HP 5500 HI Series Configuration Manual

Security

Configuration considerations
If the attacking packets all have the same source address, enable the ARP source suppression
function as follows:
1. Enable ARP source suppression.
2. Set the threshold for ARP packets from the same source address to 100. If more than 100 ARP
requests are sourced from the same IP address within 5 seconds, the device stops IP packets sourced
from that IP address from triggering any ARP requests during the following 5 seconds.
If the attacking packets have different source addresses, enable the ARP black hole routing function on
the device.

Configuration procedure

1. Enable ARP source suppression on the device and set the threshold for ARP packets from the same
source address to 100.
<Device> system-view
[Device] arp source-suppression enable
[Device] arp source-suppression limit 100
2. Enable ARP black hole routing on the device.
<Device> system-view
[Device] arp resolving-route enable
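The following Python model is an added example, not code from the HP manual or from the switch firmware: it shows what the threshold of 100 in 5 seconds configured above means for a flooding host versus a normal host. The class name, the sliding-window accounting and the constructed source addresses (10.0.0.99 flooding, 10.0.0.7 sending one packet per second) are assumptions made for the illustration; the switch only documents the 5-second window, the limit and the 5-second suppression period.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 5       # counting window described in the manual
SUPPRESS_SECONDS = 5     # how long a source stays suppressed after exceeding the limit


class ArpSourceSuppression:
    """Model of 'arp source-suppression limit N' (assumed behaviour, not the switch's code).

    Each packet that would trigger an ARP request is counted per source IP over a
    sliding 5-second window.  Once a source exceeds the limit, its packets no longer
    trigger ARP requests for the following 5 seconds.
    """

    def __init__(self, limit=100):
        self.limit = limit
        self.events = defaultdict(deque)     # src_ip -> timestamps of counted packets
        self.suppressed_until = {}           # src_ip -> time at which suppression ends
        self.stats = defaultdict(lambda: {"resolved": 0, "suppressed": 0})

    def handle(self, src_ip, now):
        """Return True if an ARP request is sent for this packet, False if suppressed."""
        until = self.suppressed_until.get(src_ip)
        if until is not None:
            if now < until:
                self.stats[src_ip]["suppressed"] += 1
                return False
            # suppression period is over: start counting afresh for this source
            del self.suppressed_until[src_ip]
            self.events[src_ip].clear()
        q = self.events[src_ip]
        q.append(now)
        while q and now - q[0] >= WINDOW_SECONDS:   # drop timestamps outside the window
            q.popleft()
        if len(q) > self.limit:
            self.suppressed_until[src_ip] = now + SUPPRESS_SECONDS
            self.stats[src_ip]["suppressed"] += 1
            return False
        self.stats[src_ip]["resolved"] += 1
        return True


def simulate():
    """Constructed traffic: one flooding source and one well-behaved source."""
    s = ArpSourceSuppression(limit=100)
    # 10.0.0.99 sends 150 unresolvable packets within the first second (a scan or flood)
    for i in range(150):
        s.handle("10.0.0.99", i * 0.005)
    # 10.0.0.7 sends one packet per second and is never affected
    for t in range(10):
        s.handle("10.0.0.7", float(t))
    # once the 5-second suppression period has expired, the flooding host is resolved again
    s.handle("10.0.0.99", 6.0)
    return {ip: dict(v) for ip, v in s.stats.items()}


if __name__ == "__main__":
    print(simulate())
```

The point to take from the model is that suppression is per source address: the normal host keeps resolving while the flooding host is cut off, which is why the manual recommends black hole routing rather than source suppression when the attack uses many different source addresses.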

Configuring ARP packet rate limit

Introduction

The ARP packet rate limit feature limits the rate at which ARP packets are delivered to the CPU of the
switch. For example, if an attacker sends a large number of ARP packets to a device with ARP detection
enabled, every ARP packet is redirected to the CPU for checking and the CPU becomes overloaded. As a
result, the device fails to perform its other functions properly or even crashes. Configuring ARP packet
rate limit addresses this problem.
Enable this feature after ARP detection or ARP snooping has been configured, or use it on its own to
mitigate ARP flood attacks.
Configuration procedure
When the ARP packet rate on an interface exceeds the rate limit set for that interface, a device with ARP
packet rate limit enabled sends trap and log messages to report the event. To avoid generating too many
trap and log messages, you can set the interval at which such messages are sent. Within each interval, the
device reports the peak ARP packet rate observed in the trap and log messages.
Note that trap and log messages are generated only after the trap function of ARP packet rate limit is
enabled. Trap and log messages are sent to the information center of the device. You can set the
parameters of the information center to determine the output rules for trap and log messages. The output
rules specify whether the messages are allowed to be output and where they are sent. For the
parameter configuration of the information center, see Network Management and Monitoring
Configuration Guide.
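The following Python model is an added example, not code from the HP manual or the switch firmware: it shows how a per-interface ARP rate limit drops excess packets before they reach the CPU, and why the trap interval matters for anyone consuming the logs, since several over-limit seconds inside one interval collapse into a single message carrying the peak rate. The class, the one-second counting buckets, the message format, the limit of 50 pps, the 60-second interval and the interface names GigabitEthernet1/0/1 and 1/0/2 are assumptions constructed for the illustration.

```python
from collections import defaultdict


class ArpRateLimitMonitor:
    """Model of per-interface ARP packet rate limiting with trap/log interval (assumed
    behaviour, not the switch's code).

    ARP packets are counted per interface in one-second buckets.  Packets beyond
    `limit_pps` in a bucket are dropped instead of being sent to the CPU.  Over-rate
    events are not reported one by one: each `trap_interval` seconds produces at most
    one message per interface, carrying the peak rate seen in that interval.
    """

    def __init__(self, limit_pps, trap_interval, trap_enabled=True):
        self.limit = limit_pps
        self.interval = trap_interval
        self.trap_enabled = trap_enabled       # messages exist only when the trap function is on
        self.buckets = defaultdict(int)        # (iface, second) -> packets seen
        self.delivered = defaultdict(int)      # iface -> packets passed to the CPU
        self.dropped = defaultdict(int)        # iface -> packets discarded by the limit

    def packet(self, iface, t):
        """Account for one ARP packet on iface at time t; return True if it reaches the CPU."""
        sec = int(t)
        self.buckets[(iface, sec)] += 1
        if self.buckets[(iface, sec)] > self.limit:
            self.dropped[iface] += 1
            return False
        self.delivered[iface] += 1
        return True

    def messages(self):
        """Trap/log lines the model would hand to the information center."""
        if not self.trap_enabled:
            return []
        peaks = {}                             # (iface, interval index) -> peak pps
        for (iface, sec), n in self.buckets.items():
            if n > self.limit:
                key = (iface, sec // self.interval)
                peaks[key] = max(peaks.get(key, 0), n)
        return [
            f"{iface}: ARP rate {pps} pps exceeded limit {self.limit} pps (interval {idx})"
            for (iface, idx), pps in sorted(peaks.items())
        ]


def demo():
    """Constructed traffic: a flood on one port, normal traffic on another."""
    m = ArpRateLimitMonitor(limit_pps=50, trap_interval=60)
    # GigabitEthernet1/0/1: 200 pps for three seconds, then an 80 pps burst at t=70 s
    for sec in range(3):
        for i in range(200):
            m.packet("GigabitEthernet1/0/1", sec + i / 200)
    for i in range(80):
        m.packet("GigabitEthernet1/0/1", 70 + i / 80)
    # GigabitEthernet1/0/2: a steady 10 pps, never over the limit
    for sec in range(3):
        for i in range(10):
            m.packet("GigabitEthernet1/0/2", sec + i / 10)
    return m


if __name__ == "__main__":
    m = demo()
    print(dict(m.delivered), dict(m.dropped))
    for line in m.messages():
        print(line)
```

Four seconds on GigabitEthernet1/0/1 exceed the limit, but with a 60-second interval the model emits only two messages (peaks of 200 pps and 80 pps), so a detection rule keyed on message count would undercount the attack; key on the reported peak rate and the interface instead.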
