Configuring The Arp Packet Rate Limit Function - H3C S3100-52P Operation Manual

Operation Manual – ARP
H3C S3100-52P Ethernet Switch
Note:
You need to enable DHCP snooping and configure DHCP snooping trusted ports on
the switch before configuring the ARP attack detection function. For more
information about DHCP snooping, refer to DHCP Operation in this manual.
Currently, the VLAN ID of an IP-to-MAC binding configured on a port of an
S3100-52P Ethernet switch is the same as the default VLAN ID of the port. If the
VLAN tag of an ARP packet is different from the default VLAN ID of the receiving
port, the ARP packet cannot pass the ARP attack detection based on the IP-to-MAC
bindings.
Generally, the uplink port of a switch is configured as a trusted port.
Before enabling ARP restricted forwarding, make sure you have enabled ARP
attack detection and configured ARP trusted ports.
You are not recommended to configure ARP attack detection on the ports of an
aggregation group.

1.2.3 Configuring the ARP Packet Rate Limit Function

Follow these steps to configure the ARP packet rate limit function:
Enter system view
Enter Ethernet port view
Enable the ARP packet
rate limit function
Configure the maximum
ARP packet rate allowed
on the port
Quit to system view
Enable the port state
auto-recovery function
Configure the port state
auto-recovery interval
To do...
system-view
interface interface-type
interface-number
arp rate-limit enable
arp rate-limit rate
quit
arp protective-down
recover enable
arp protective-down
recover interval interval
Use the command...
1-9
Chapter 1 ARP Configuration
Remarks
—
—
Required
By default, the ARP
packet rate limit function
is disabled on a port.
Optional
By default, the maximum
ARP packet rate allowed
on a port is 15 pps.
—
Optional
Disabled by default.
Optional
By default, when the port
state auto-recovery
function is enabled, the
port state auto-recovery
interval is 300 seconds.