Parameters
disable: Disables ARP packet rate limit.
rate pps: Specifies the ARP packet rate in pps, in the range of 50 to 500.
drop: Discards the exceeded packets.
Description
Use arp rate-limit to configure or disable ARP packet rate limit on an interface.
Use undo arp rate-limit to restore the default.
By default, ARP packet rate limit is enabled, and the ARP packet rate limit is 100 pps.
Examples
# Specify the ARP packet rate on layer 2 Ethernet port GigabitEthernet 1/0/1 as 50 pps, and exceeded
packets will be discarded.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] arp rate-limit rate 50 drop
Source MAC address based ARP attack detection
configuration commands
arp anti-attack source-mac
Syntax
arp anti-attack source-mac { filter | monitor }
undo arp anti-attack source-mac [ filter | monitor ]
View
System view
Default level
2: System level
Parameters
filter: Specifies the filter mode.
monitor: Specifies the monitor mode.
Description
Use arp anti-attack source-mac to enable source MAC address based ARP attack detection and specify
the detection mode.
Use undo arp anti-attack source-mac to restore the default.
By default, source MAC address based ARP attack detection is disabled.
After you enable this feature, the device checks the source MAC address of ARP packets received from
the VLAN. It detects an attack when one MAC address sends more ARP packets in five seconds than the
specified threshold. Upon detecting an attack, the device does the following:
254