| To do... | Use the command... | Remarks |
|---|---|---|
| Configure the port state auto-recovery interval | arp protective-down recover interval interval | Optional. By default, when the port state auto-recovery function is enabled, the port state auto-recovery interval is 300 seconds. |

You need to enable the port state auto-recovery feature before you can configure the port state auto-recovery interval.

Configuring the ARP packet rate limit function on the ports of a fabric or an aggregation group is not recommended.

ARP Attack Defense Configuration Example

ARP Attack Defense Configuration Example I

Network requirements

As shown in Figure 2-3, GigabitEthernet 1/0/1 of Switch A connects to DHCP Server; GigabitEthernet 1/0/2 connects to Client A, GigabitEthernet 1/0/3 connects to Client B. GigabitEthernet 1/0/1, GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3 belong to VLAN 1.

Enable DHCP snooping on Switch A and specify GigabitEthernet 1/0/1 as the DHCP snooping trusted port.

Enable ARP attack detection in VLAN 1 to prevent ARP man-in-the-middle attacks, and specify GigabitEthernet 1/0/1 as the ARP trusted port.

Enable the ARP packet rate limit function on GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3 of Switch A, so as to prevent Client A and Client B from attacking Switch A through ARP traffic.

Enable the port state auto-recovery function on the ports of Switch A, and set the recovery interval to 200 seconds.
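
An added example, not part of the original manual: a small Python check that a saved switch configuration meets the network requirements of ARP Attack Defense Configuration Example I, including that each command sits in the correct view. Apart from `arp protective-down recover interval`, the command names and the configuration layout are assumptions based on Comware-style syntax and should be checked against the switch's command reference.

```python
# Constructed sample in the style of a Comware configuration dump. Only
# "arp protective-down recover interval" appears on the page; the other
# command names are assumptions to check against your command reference.
SAMPLE_CONFIG = """\
dhcp-snooping
arp protective-down recover enable
arp protective-down recover interval 200
vlan 1
 arp detection enable
interface GigabitEthernet1/0/1
 dhcp-snooping trust
 arp detection trust
interface GigabitEthernet1/0/2
 arp rate-limit enable
interface GigabitEthernet1/0/3
 arp rate-limit enable
"""

GI = "interface GigabitEthernet1/0/"
REQUIRED = [  # (requirement from the example, view it belongs in, command)
    ("DHCP snooping enabled", "", "dhcp-snooping"),
    ("DHCP snooping trusted port 1/0/1", GI + "1", "dhcp-snooping trust"),
    ("ARP attack detection in VLAN 1", "vlan 1", "arp detection enable"),
    ("ARP trusted port 1/0/1", GI + "1", "arp detection trust"),
    ("ARP rate limit on 1/0/2", GI + "2", "arp rate-limit enable"),
    ("ARP rate limit on 1/0/3", GI + "3", "arp rate-limit enable"),
    ("Auto-recovery enabled", "", "arp protective-down recover enable"),
    ("Recovery interval 200 s", "", "arp protective-down recover interval 200"),
]

def parse_sections(text):
    """Map each view header ('' = system view) to the commands inside it."""
    sections, current = {"": set()}, ""
    for line in text.splitlines():
        if line.strip() in ("", "#"):
            current = ""                      # '#' ends the current view
        elif line[0].isspace():
            sections[current].add(line.strip())
        elif line.startswith(("interface ", "vlan ")):
            current = line.strip()
            sections.setdefault(current, set())
        else:
            sections[""].add(line.strip())
    return sections

def audit(text):
    """Return the example's requirements that the configuration misses."""
    sections = parse_sections(text)
    return [n for n, view, cmd in REQUIRED if cmd not in sections.get(view, set())]
```

`audit()` returns an empty list for a compliant configuration; a device left at the default 300-second interval, or one with a command entered in the wrong view, is reported by requirement name.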