beautypg.com

Configuration procedure, Configuring arp packet rate limit, Configuration guidelines – H3C Technologies H3C S6300 Series Switches User Manual

Page 340

background image

325

Configuration procedure

# Enable ARP source suppression and set the threshold to 100.

system-view

[Device] arp source-suppression enable

[Device] arp source-suppression limit 100

# Enable ARP blackhole routing.

[Device] arp resolving-route enable

Configuring ARP packet rate limit

The ARP packet rate limit feature allows you to limit the rate of ARP packets delivered to the CPU. An ARP
detection enabled device will send all received ARP packets to the CPU for inspection. Processing

excessive ARP packets will make the device malfunction or even crash. To solve this problem, you can

configure ARP packet rate limit.

Configuration guidelines

Configure this feature when ARP detection, ARP snooping, or MFF is enabled, or when ARP flood attacks

are detected.

Configuration procedure

This task sets a rate limit for ARP packets received on an interface. When the receiving rate of ARP

packets on the interface exceeds the rate limit, those packets are discarded.
You can enable sending notifications to the SNMP module or enable logging for ARP packet rate limit.

If notification sending is enabled, the device sends the highest threshold-crossed ARP packet rate
within the sending interval in a notification to the SNMP module. You must use the snmp-agent

target-host to set the notification type and target host. For more information about notifications, see

Network Management and Monitoring Command Reference.

If logging for ARP packet rate limit is enabled, the device sends the highest threshold-crossed ARP
packet rate within the sending interval in a log message to the information center. You can
configure the information center module to set the log output rules. For more information about

information center, see Network Management and Monitoring Configuration Guide.

To configure ARP packet rate limit:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

(Optional.) Enable notification
sending for ARP packet rate

limit.

snmp-agent trap enable arp
[ rate-limit ]

By default, notification sending for
ARP packet rate limit is disabled.

3.

(Optional.) Enable logging for

ARP packet rate limit.

arp rate-limit log enable

By default, logging for ARP packet
rate limit is disabled.

4.

(Optional.) Set the notification

and log message sending
interval.

arp rate-limit log interval
seconds

By default, the device sends
notifications and log messages at an

interval of 60 seconds.

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: