Arp packet filtering based on gateway’s address – H3C Technologies H3C S3600 Series Switches User Manual

2-5

Task

Remarks

ARP Packet Filtering Based on Gateway’s
Address

Optional

The switch serves as an access device.

Configuring ARP Attack Detection

Optional

The switch serves as a gateway or an access
device.

Configuring the ARP Packet Rate Limit Function

Optional

The switch serves as a gateway or an access
device.

Configuring the Maximum Number of Dynamic ARP Entries that a VLAN Interface
Can Learn

Follow these steps to configure the maximum number of dynamic ARP entries that a VLAN interface

can learn:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter VLAN interface view

interface vlan-interface
vlan-id

—

Configure the maximum
number of dynamic ARP
entries that the VLAN interface
can learn

arp max-learning-num
number

Optional

For an S3600-EI switch the
value is 4031, and for an
S3600-SI switch the value is
2048 by default.

Configuring ARP Source MAC Address Consistency Check

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enable ARP source MAC
address consistency check

arp anti-attack valid-check
enable

Required

Disabled by default.

ARP Packet Filtering Based on Gateway’s Address

Follow these steps to configure ARP packet filtering based on gateway’s IP address:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter Ethernet port view

interface interface-type
interface-number

—

Configure ARP packet filtering
based on the gateway’s IP
address

arp filter source ip-address

Required

Not configured by default.