No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Security

S7700 and S9700 V200R011C10

This document describes the configurations of Security, including ACL, reflective ACL, local attack defense, MFF, attack defense, traffic suppression and storm control, ARP security, port security, DHCP snooping, ND snooping, PPPoE+, IPSG, SAVI, URPF, keychain, separating the management plane from the service plane, security risks.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Default Settings for ARP Security

Default Settings for ARP Security

Table 7-5 describes the default settings for ARP security.

Table 7-5  Default settings for ARP security
Parameter Default Setting
Rate limit on ARP packets based on source MAC addresses The maximum rate of ARP packets from each source MAC address is set to 0, that is, the rate of ARP packets is not limited based on the source MAC address.
Rate limit on ARP packets based on source IP addresses

The device allows a maximum of 30 ARP packets from the same source IP address to pass through per second.

Rate limit on ARP packets globally, in a VLAN, or on an interface Disabled
Maximum rate and rate limiting duration of ARP packets globally, in a VLAN, or on an interface The device allows a maximum of 100 ARP packets to pass through per second.
Discarding all ARP packets on the interface when the rate limit is exceeded Disabled
Alarm that ARP packets are being discarded when the rate limit is exceeded globally, in a VLAN, or on an interface Disabled
Alarm threshold for ARP packets to be discarded when the rate limit is exceeded globally, in a VLAN, or on an interface 100
Maximum rate of broadcasting ARP Request packets on the VLANIF interface of the super-VLAN 1000 pps
Rate limit on ARP Miss messages based on source IP addresses The device can process a maximum of 30 ARP Miss messages triggered by IP packets from the same source IP address. If the number of ARP Miss messages per second exceeds the limit, the device discards the excess ARP Miss messages. The device then uses the block mode to discard all ARP Miss packets from the source IP address within 5 minutes by default.
Rate limit on ARP Miss messages globally, in a VLAN, or on an interface Disabled
Maximum rate and rate limiting duration of ARP Miss messages globally, in a VLAN, or on an interface The device can process a maximum of 100 ARP Miss messages per second.
Alarm that ARP Miss messages are being discarded when the rate limit is exceeded globally, in a VLAN, or on an interface Disabled
Alarm threshold for ARP Miss messages to be discarded when the rate limit is exceeded globally, in a VLAN, or on an interface 100
Aging time of temporary ARP entries 3 seconds
Gratuitous ARP packet discarding Disabled
Optimized ARP reply Enabled
Strict ARP learning

Disabled

Interface-based ARP entry limit The maximum number of ARP entries that an interface can dynamically learn is the same as the number of ARP entries supported by the device.
ARP entry fixing Disabled
DAI Disabled
ARP gateway anti-collision Disabled
Gratuitous ARP packet sending Disabled
Interval for sending gratuitous ARP packets 30 seconds
MAC address consistency check in an ARP packet Disabled
ARP packet validity check Disabled
ARP learning triggered by DHCP Disabled
ARP proxy on a VPLS network Disabled
Translation
Download
Updated: 2019-04-01

Document ID: EDOC1000178319

Views: 136415

Downloads: 78

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next