Configuring Arp Packet Rate Limit; Configuring Source Mac Address Based Arp Attack Detection - HP 4800G Series Configuration Manual

Enabling ARP Black Hole Routing
Follow these steps to configure ARP black hole routing:
To do...
Enter system view
Enable ARP black hole routing
Displaying and Maintaining ARP Source Suppression
To do...
Display the ARP source suppression
configuration information

Configuring ARP Packet Rate Limit

Introduction
This feature allows you to limit the rate of ARP packets to be delivered to the CPU. For example, if an
attacker sends a large number of ARP packets to an ARP detection enabled device, the CPU of the
device may become overloaded because all the ARP packets are redirected to the CPU for checking.
As a result, the device fails to deliver other functions properly or even crashes. To prevent this, you need
to configure ARP packet rate limit.
It is recommended that you enable this feature after the ARP detection is configured, or use this feature
to prevent ARP flood attacks.
Configuration Procedure
Follow these steps to configure ARP packet rate limit:
To do...
Enter system view
Enter Ethernet interface
view
Configure ARP packet rate
limit

Configuring Source MAC Address Based ARP Attack Detection

Introduction
This feature allows the device to check the source MAC address of ARP packets. If the number of ARP
packets sent from a MAC address within five seconds exceeds the specified value, the device
considers this an attack and adds the MAC address to the attack detection table. Before the attack
Use the command...
system-view
arp resolving-route enable
Use the command...
display arp source-suppression
Use the command...
system-view
interface interface-type
interface-number
arp rate-limit { disable |
rate pps drop }
1-3
Remarks
—
Optional
Enabled by default
Remarks
Available in any view
Remarks
—
—
Required
By default, the ARP packet rate limit
is enabled and is 100 pps.