Configuring Rate Limiting On Arp Packets On Interface; Checking Configurations; Example For Configuring Dynamic Arp Inspection - Raisecom ISCOM2600G-HI (A) Series Configuration Manual

Raisecom
ISCOM2600G-HI (A) Series Configuration Guide
2
3

10.3.8 Configuring rate limiting on ARP packets on interface

Configure rate limiting on ARP packets on the interface for the ISCOM2600G-HI series
switch as below.
1
2
3

10.3.9 Checking configurations

Use the following commands to check configuration results.
1
2
3

10.3.10 Example for configuring dynamic ARP inspection

Networking requirements
To prevent ARP attacks, configure dynamic ARP inspection on Switch A, as shown in Figure
10-3.


Step
Raisecom(config)#ip arp-
inspection binding dhcp-snooping
{ auto-update | static }
Raisecom(config)#ip arp-
inspection vlan
Step
Raisecom#config
Raisecom(config)#interface
interface-type interface-
number
Raisecom(config-
gigaethernet1/1/port)#ip arp-
rate-limit rate
No.
Raisecom#show ip arp-inspection
Raisecom#show ip arp-inspection
binding [ interface-type
interface-number
Raisecom#show ip arp-rate-limit
Uplink GE 1/1/3 allows all ARP packets to pass.
Downlink GE 1/1/1 allows ARP packets with specified IP address 10.10.10.1 to pass.
Raisecom Proprietary and Confidential
Copyright © Raisecom Technology Co., Ltd.
Command
vlan-list
Command
rate-value
Command
]
Description
Configure ARP entry conversion.
Configure protection VLAN of
dynamic ARP inspection.
Description
Enter global configuration mode.
Enter physical layer interface
configuration mode.
Configure the rate limit of ARP
packets on the interface.
Description
Show configurations of dynamic ARP
inspection.
Show information about the dynamic
ARP inspection binding table.
Show configurations of rate limiting
on ARP packets.
10 Security
414