Set Arpinspection Filter - Enterasys SecureStack C2 C2G170-24 Configuration Manual

Parameters
port‐string
none
rate pps
burst interval secs
Defaults
Rate = 15 packets per second
Burst Interval = 1 second
Mode
Switch command, read‐write.
Usage
To protect the switch against DHCP attacks when DAI is enabled, the DAI application enforces a
rate limit for ARP packets received on untrusted interfaces. DAI monitors the receive rate on each
interface separately. If the receive rate exceeds the limit configured with this command, DAI
disables the interface, which effectively brings down the interface. You can use the set port enable
command to reenable the port.
You can configure both the rate and the burst interval. The default rate is 15 pps on each untrusted
interface with a range of 0 to 100 pps. The default burst interval is 1 second with a range to 1 to 15
seconds.. The rate limit cannot be set on trusted interfaces since ARP packets received on trusted
interfaces do not come to the CPU.
Example
This example sets the rate to 20 packets per second and the burst interval to 2 seconds on ports
ge.1.1 and ge.1.2.
C2(su)->set arpinspection limit port ge.1.1-2 rate 20 burst interval 2

set arpinspection filter

Use this command to create an ARP ACL and then to assign an ACL to a VLAN, optionally as a
static mapping.
Syntax
set arpinspection filter name {permit ip host sender-ipaddr mac host
sender-macaddr | vlan vlan-range [static]}
Parameters
name
permit
ip host sender‐ipaddr
Specifies the port or ports to which to apply these rate limiting
parameters.
Configures no limit on incoming ARP packets.
Specifies a rate limit in packets per second. The value of pps can range
from 0 to 100 packets per second.
Specifies a burst interval in seconds. The value of secs can range from 1
to 15 seconds.
Specifies the name of the ARP ACL.
Specifies that a permit rule is being created.
Specifies the IP address in the rule being created.
set arpinspection filter
SecureStack C2 Configuration Guide 17-23