Figure 61 Network diagram
If the attack packets have the same source address, configure the ARP source suppression function as
Enable ARP source suppression.
Set the threshold to 100. If the number of unresolvable IP packets received from a host within 5
seconds exceeds 100, the device stops resolving packets from the host until the 5 seconds elapse.
If the attack packets have different source addresses, enable the ARP black hole routing function on the
# Enable ARP source suppression and set the threshold to 100.
[Device] arp source-suppression enable
[Device] arp source-suppression limit 100
# Enable ARP black hole routing.
[Device] arp resolving-route enable
Configuring ARP packet rate limit
The ARP packet rate limit feature allows you to limit the rate of ARP packets to be delivered to the CPU.
For example, if an attacker sends a large number of ARP packets to an ARP detection enabled device, the
device CPU is overloaded because all ARP packets are redirected to the CPU for inspection. As a result,
the device fails to provide other functions or even crash. To solve this problem, you can configure ARP
packet rate limit.
ARP attack protection