Download Print this page

HP 6125XLG Configuration Manual: Configuring Arp Packet Rate Limit

R2306-hp 6125xlg blade switch security configuration guide.
Hide thumbs

Advertisement

Figure 61 Network diagram
Host A
Configuration considerations
If the attack packets have the same source address, configure the ARP source suppression function as
follows:
1.
Enable ARP source suppression.
2.
Set the threshold to 100. If the number of unresolvable IP packets received from a host within 5
seconds exceeds 100, the device stops resolving packets from the host until the 5 seconds elapse.
If the attack packets have different source addresses, enable the ARP black hole routing function on the
gateway.
Configuration procedure
# Enable ARP source suppression and set the threshold to 100.
<Device> system-view
[Device] arp source-suppression enable
[Device] arp source-suppression limit 100
# Enable ARP black hole routing.
[Device] arp resolving-route enable

Configuring ARP packet rate limit

The ARP packet rate limit feature allows you to limit the rate of ARP packets to be delivered to the CPU.
For example, if an attacker sends a large number of ARP packets to an ARP detection enabled device, the
device CPU is overloaded because all ARP packets are redirected to the CPU for inspection. As a result,
the device fails to provide other functions or even crash. To solve this problem, you can configure ARP
packet rate limit.
IP network
Gateway
Device
VLAN 10
Host B
R&D
ARP attack protection
VLAN 20
Host C
Office
173
Host D

Advertisement

Troubleshooting

   Related Manuals for HP 6125XLG

Comments to this Manuals

Symbols: 0
Latest comments: