ARP attack protection configuration commands
ARP packet rate limit configuration commands
arp rate-limit
Syntax
arp rate-limit { disable | rate pps drop }
undo arp rate-limit
View
Layer 2 Ethernet port view, Layer 2 aggregate interface view
Default level
2: System level
Parameters
disable: Disables ARP packet rate limit.
rate pps: ARP packet rate in pps, in the range of 5 to 100.
drop: Discards the exceeded packets.
Description
Use the arp rate-limit command to configure or disable ARP packet rate limit on an interface.
Use the undo arp rate-limit command to restore the default.
By default, ARP packet rate limit is disabled.
Examples
# Specify the ARP packet rate on GigabitEthernet 1/0/1 as 50 pps, and exceeded packets will be
discarded.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] arp rate-limit rate 50 drop
Source MAC address based ARP attack detection
configuration commands
arp anti-attack source-mac
Syntax
arp anti-attack source-mac { filter | monitor }
undo arp anti-attack source-mac [ filter | monitor ]
293