Configuring arp packet rate limit, Introduction, Configuring the arp packet rate limit function – H3C Technologies H3C S5120 Series Switches User Manual

2-3

Displaying and Maintaining Source MAC Address Based ARP Attack Detection

To do…

Use the command…

Remarks

Display attacking entries
detected

display arp anti-attack source-mac
[ interface interface-type interface-number ]

Available in any
view

A protected MAC address is no longer excluded from detection after the specified aging time expires.

Configuring ARP Packet Rate Limit

Introduction

This feature allows you to limit the rate of ARP packets to be delivered to the CPU.

Configuring the ARP Packet Rate Limit Function

Follow these steps to configure ARP packet rate limit in Ethernet interface view:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter Ethernet interface
view

interface interface-type
interface-number

—

Configure ARP packet
rate limit

arp rate-limit { disable | rate
pps drop }

Required

By default, the ARP packet rate limit
is not enabled

Configuring ARP Detection

z

For information about DHCP snooping, refer to DHCP Configuration.

z

For information about 802.1X, refer to 802.1X Configuration.

Introduction to ARP Detection

The ARP detection feature allows only the ARP packets of authorized clients to be forwarded, hence

preventing man-in-the-middle attacks.