| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enable ARP source suppression | arp source-suppression enable | Required. Disabled by default. |
| Set the maximum number of packets with the same source IP address but unresolvable destination IP addresses that the device can receive in five consecutive seconds | arp source-suppression limit limit-value | Optional. 10 by default. |

Enabling ARP Black Hole Routing

Follow these steps to configure ARP black hole routing:

| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enable ARP black hole routing | arp resolving-route enable | Optional. Enabled by default |

Displaying and Maintaining ARP Source Suppression

| To do... | Use the command... | Remarks |
|---|---|---|
| Display the ARP source suppression configuration information | display arp source-suppression | Available in any view |

Configuring ARP Packet Rate Limit

Introduction

This feature allows you to limit the rate of ARP packets to be delivered to the CPU. For example, if an attacker sends a large number of ARP packets to an ARP detection enabled device, the CPU of the device may become overloaded because all the ARP packets are redirected to the CPU for checking. As a result, the device fails to deliver other functions properly or even crashes. To prevent this, you need to configure ARP packet rate limit.

It is recommended that you enable this feature after the ARP detection is configured, or use this feature to prevent ARP flood attacks.

Configuration Procedure

Follow these steps to configure ARP packet rate limit:

| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter Ethernet interface view | interface interface-type interface-number | — |
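
The ARP source suppression threshold described earlier (packets from one source IP address to unresolvable destination IP addresses within five seconds, 10 by default) can be checked offline against recorded traffic before choosing a limit-value. The following Python is an added example, not code from this manual or the device vendor; the record format, the function names and the sliding-window interpretation are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 5   # "five consecutive seconds" from the configuration table
DEFAULT_LIMIT = 10   # default value of arp source-suppression limit


def sources_over_limit(records, limit=DEFAULT_LIMIT, window=WINDOW_SECONDS):
    """Return {source_ip: peak_count} for sources whose packets to
    unresolvable destinations exceed `limit` within any `window` seconds.

    records: iterable of (timestamp_seconds, src_ip, dst_ip, resolvable).
    Assumption: a sliding window; the manual page does not say how the
    device aligns its five-second interval.
    """
    recent = defaultdict(deque)  # src_ip -> timestamps still inside the window
    peak = defaultdict(int)      # src_ip -> highest count seen in one window
    for ts, src, _dst, resolvable in sorted(records):
        if resolvable:
            continue             # only unresolvable destinations are counted
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] >= window:
            q.popleft()          # drop packets older than the window
        peak[src] = max(peak[src], len(q))
    return {src: n for src, n in peak.items() if n > limit}


def constructed_sample():
    """Constructed records for three hypothetical hosts."""
    recs = []
    # 10.0.0.5: 30 packets in 3 s to addresses that never resolve
    recs += [(i * 0.1, "10.0.0.5", f"10.0.1.{i + 1}", False) for i in range(30)]
    # 10.0.0.9: 8 unresolvable packets in 4 s, under the default limit
    recs += [(i * 0.5, "10.0.0.9", f"10.0.2.{i + 1}", False) for i in range(8)]
    # 10.0.0.7: one unresolvable packet every 5 s plus normal resolvable traffic
    recs += [(i * 5.0, "10.0.0.7", f"10.0.3.{i + 1}", False) for i in range(12)]
    recs += [(i * 0.2, "10.0.0.7", "10.0.0.1", True) for i in range(50)]
    return recs


if __name__ == "__main__":
    for lim in (DEFAULT_LIMIT, 5):
        print(f"limit {lim}:", sources_over_limit(constructed_sample(), limit=lim))
```

Running the same records with a lower limit shows which legitimate hosts would start to be counted as offenders, which is the trade-off to weigh when setting limit-value.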