No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - Security

AR500, AR510, and AR530 V200R007

This document describes the configurations of Security, including AAA, DAA,NAC, BRAS Access, ACL, Firewall, Deep Security Defense, Local Attack Defense;Attack Defense, Traffic Suppression, ARP Security, Port Security, DHCP Snooping, IPSG, URPF, PKI, SSL, HTTPS, Keychain, separating the management plane from the service plane, security risks.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Default Configuration

Default Configuration

Table 10-4 describes the default ARP security configuration.

Table 10-4  Default ARP security configuration
Parameter Default Setting
Rate limit on ARP packets based on source MAC addresses The maximum rate of ARP packets from each source MAC address is set to 0, that is, the rate of ARP packets is not limited based on the source MAC address.
Rate limit on ARP packets based on source IP addresses The device allows a maximum of 5 ARP packets from the same source IP address to pass through per second.
Rate limit on ARP packets globally or on an interface Disabled
Maximum rate and rate limiting duration of ARP packets globally or on an interface The device allows a maximum of 100 ARP packets to pass through per second.
Alarm of ARP packets discarded when the rate limit is exceeded globally or on an interface Disabled
Alarm threshold of ARP packets discarded when the rate limit is exceeded globally or on an interface 100
Maximum rate of broadcasting ARP Request packets on the VLANIF interface of the super-VLAN 1000 pps
Rate limit on ARP Miss messages based on source IP addresses The device can process a maximum of 5 ARP Miss messages triggered by IP packets from the same source IP address.
Rate limit on ARP Miss messages globally Disabled
Maximum rate and rate limiting duration of ARP Miss messages globally The device can process a maximum of 100 ARP Miss messages per second.
Alarm of ARP Miss messages discarded when the rate limit is exceeded globally Disabled
Alarm threshold of ARP Miss messages discarded when the rate limit is exceeded globally 100
Aging time of temporary ARP entries 1 second
Strict ARP learning Disabled
Interface-based ARP entry limit The maximum number of ARP entries that an interface can dynamically learn is the maximum value that can be configured on the interface.
ARP entry fixing Disabled
DAI Disabled
ARP gateway anti-collision Disabled
Gratuitous ARP packet sending Disabled
Interval for sending gratuitous ARP packets 90 seconds
MAC address consistency check in an ARP packet Disabled
ARP packet validity check Disabled
ARP learning triggered by DHCP Disabled
Translation
Download
Updated: 2019-05-25

Document ID: EDOC1000097287

Views: 13721

Downloads: 40

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next