Configuration Procedure - H3C S5500-EI Series Security Configuration Manual

enabled device, the CPU of the device will be overloaded because all of the ARP packets are redirected
to the CPU for checking. As a result, the device fails to deliver other functions properly or even crashes.
To solve this problem, you can configure ARP packet rate limit.
Enable this feature after ARP detection or ARP snooping is configured, or use it to prevent ARP flood
attacks.

Configuration procedure

When the ARP packet rate exceeds the rate limit set on an interface, the device with ARP packet rate limit
enabled sends trap and log messages to report the event. To avoid too many trap and log messages, you
can set the interval for sending such messages. Within each interval, the device outputs the peak ARP
packet rate in the trap and log messages.

Note that trap and log messages are generated only after the trap function of ARP packet rate limit is
enabled. Trap and log messages are sent to the information center of the device. You can set the
parameters of the information center to determine the output rules of trap and log messages. The output
rules specify whether the messages are allowed to be output and where they are sent. For the
parameter configuration of the information center, see Network Management and Monitoring
Configuration Guide.

If you enable ARP packet rate limit on a Layer 2 aggregate interface, trap and log messages are sent
when the ARP packet rate of a member port exceeds the preset threshold rate.

To configure ARP packet rate limit:
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Enable ARP packet rate limit trap.
    Command: snmp-agent trap enable arp rate-limit
    Remarks: Optional. Enabled by default. For more information, see the snmp-agent trap enable arp
    command in Network Management and Monitoring Command Reference.

Step 3. Set the interval for sending trap and log messages when ARP packet rate exceeds the specified
threshold rate.
    Command: arp rate-limit information interval seconds
    Remarks: Optional. 60 seconds by default.

Step 4. Enter Layer 2 Ethernet interface/Layer 2 aggregate interface view.
    Command: interface interface-type interface-number
    Remarks: N/A

Step 5. Configure ARP packet rate limit.
    Command: arp rate-limit { disable | rate pps drop }
    Remarks: By default, ARP packet rate limit is disabled.
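
The following added example (not from the H3C manual and not device code) is a simplified Python model of the behaviour described above: packets beyond the configured rate are dropped, and at most one message per information interval reports the peak ARP rate. It assumes the rate is measured in one-second windows and that intervals start at time zero; the function names and the sample traffic are constructed for illustration.

```python
from collections import Counter


def simulate_arp_rate_limit(arrivals, rate_pps, interval_s=60):
    """Simplified model of ARP packet rate limit on one port (assumption, not device code).

    arrivals:   ARP packet arrival times in seconds (constructed input).
    rate_pps:   the 'rate pps' threshold; excess packets within a second are dropped.
    interval_s: the 'information interval'; at most one message per interval.
    Returns (forwarded, dropped, messages), where each message is
    (interval_start_second, peak_pps_seen_in_that_interval).
    """
    per_second = Counter(int(t) for t in arrivals)  # packets seen in each 1 s window
    forwarded = dropped = 0
    peaks = {}  # interval index -> peak pps among the seconds that exceeded the limit
    for second, count in sorted(per_second.items()):
        forwarded += min(count, rate_pps)
        if count > rate_pps:
            dropped += count - rate_pps
            idx = second // interval_s
            peaks[idx] = max(peaks.get(idx, 0), count)
    messages = [(idx * interval_s, peak) for idx, peak in sorted(peaks.items())]
    return forwarded, dropped, messages


def build_sample_traffic():
    """Constructed traffic: 10 pps background for 180 s, plus three bursts."""
    arrivals = [s + i / 10 for s in range(180) for i in range(10)]
    arrivals += [5 + i / 300 for i in range(290)]    # second 5 totals 300 pps
    arrivals += [42 + i / 500 for i in range(490)]   # second 42 totals 500 pps
    arrivals += [130 + i / 200 for i in range(190)]  # second 130 totals 200 pps
    return arrivals


if __name__ == "__main__":
    fwd, drop, msgs = simulate_arp_rate_limit(
        build_sample_traffic(), rate_pps=100, interval_s=60)
    print(f"forwarded={fwd} dropped={drop}")
    for start, peak in msgs:
        print(f"interval starting at {start}s: peak ARP rate {peak} pps (limit 100)")
```

With a 60-second interval the two bursts in the first minute collapse into one message carrying the higher peak; a shorter interval reports them separately.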

This manual is also suitable for:

S5500-si series
