No relevant resource is found in the selected language.
Enterprise
Worldwide
Huawei Global - English
Support Documentation
WLAN AC V200R010C00 Command Reference
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
display arp anti-attack configuration

display arp anti-attack configuration

Function

The display arp anti-attack configuration command displays the ARP anti-attack configuration.

Only the AC6605 supports this function.

Format

display arp anti-attack configuration { arp-rate-limit | arpmiss-rate-limit | arp-speed-limit | arpmiss-speed-limit | entry-check | gateway-duplicate | packet-check | all }

Parameters

Parameter

Description

Value

arp-rate-limit

Displays the configuration of rate limit on ARP packets globally or on an interface.

-

arpmiss-rate-limit

Displays the configuration of rate limit on ARP Miss messages.

-

arp-speed-limit

Displays the configuration of rate limit on ARP packets based on the source IP address or source MAC address.

-

arpmiss-speed-limit

Displays the configuration of rate limit on ARP Miss messages based on the source IP address.

-

entry-check

Displays the ARP entry fixing mode.

-

gateway-duplicate

Displays whether gateway anti-collision is enabled.

-

packet-check

Displays whether ARP packet validity check is enabled.

-

all

Displays all ARP anti-attack configurations.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

After all ARP anti-attack functions are configured, you can run this command to check all configurations.

Example

# Display the maximum rate and rate limit duration of ARP packets based on the source IP address or source MAC address.

<AC6605> display arp anti-attack configuration arp-speed-limit
 ARP speed-limit for source-MAC configuration:                                  
 MAC-address         suppress-rate(pps)(rate=0 means function disabled)         
------------------------------------------------------------------------------- 
 0000-0000-0001      150                                                        
 Others              200                                                        
------------------------------------------------------------------------------- 
 1 specified MAC addresses are configured, spec is 256 items.                   
                                                                                
 ARP speed-limit for source-IP configuration:                                   
 IP-address          suppress-rate(pps)(rate=0 means function disabled)         
------------------------------------------------------------------------------- 
 10.0.0.20           50                                                         
 Others              100                                                        
------------------------------------------------------------------------------- 
 1 specified IP addresses are configured, spec is 512 items.

# Display the maximum rate and rate limit duration of ARP Miss messages based on the source IP address.

<AC6605> display arp anti-attack configuration arpmiss-speed-limit
 ARP miss speed-limit for source-IP configuration:                                   
 IP-address          suppress-rate(pps)(rate=0 means function disabled)         
------------------------------------------------------------------------------- 
 10.0.0.20           300                                                        
 Others              100                                                        
------------------------------------------------------------------------------- 
 1 specified IP addresses are configured, spec is 128 items.

# Display the ARP entry fixing mode.

<AC6605> display arp anti-attack configuration entry-check
 ARP anti-attack entry-check mode: fixed-mac

# Display all ARP anti-attack configurations.

<AC6605> display arp anti-attack configuration all
 ARP anti-attack packet-check function: enable                                  
                                                                                
 ARP anti-attack entry-check mode: disabled                                     
                                                                                
 ARP gateway-duplicate anti-attack function: disabled  
                                                                                
 ARP rate-limit configuration:                                                  
------------------------------------------------------------------------------- 
 Global configuration:                                                          
    arp anti-attack rate-limit enable                                           
 Interface configuration:                                                       
------------------------------------------------------------------------------- 
                                                                                
 ARP miss rate-limit configuration:                                             
------------------------------------------------------------------------------- 
 Global configuration:                                                          
    arp-miss anti-attack rate-limit enable                                      
------------------------------------------------------------------------------- 
                                                                                
 ARP speed-limit for source-MAC configuration:                                  
 MAC-address         suppress-rate(pps)(rate=0 means function disabled)         
------------------------------------------------------------------------------- 
 0000-0000-0001      200                                                        
 Others              100                                                        
------------------------------------------------------------------------------- 
 1 specified MAC addresses are configured, spec is 256 items.                   
                                                                                
 ARP speed-limit for source-IP configuration:                                   
 IP-address          suppress-rate(pps)(rate=0 means function disabled)         
------------------------------------------------------------------------------- 
 10.0.0.1            512                                                        
 Others              126                                                        
------------------------------------------------------------------------------- 
 1 specified IP addresses are configured, spec is 128 items.                    
                                                                                
 ARP miss speed-limit for source-IP configuration:                              
 IP-address          suppress-rate(pps)(rate=0 means function disabled)         
------------------------------------------------------------------------------- 
 10.134.23.6         400                                                        
 Others              500                                                        
------------------------------------------------------------------------------- 
 1 specified IP addresses are configured, spec is 128 items.
Table 24-93  Description of the display arp anti-attack configuration command output

Item

Description

ARP speed-limit for source-MAC configuration

Rate limit on ARP packets based on the source MAC address.

You can run the arp speed-limit source-mac command to configure rate limit on ARP packets based on the source MAC address.

ARP speed-limit for source-IP configuration

Rate limit on ARP packets based on the source IP address.

You can run the arp speed-limit source-ip command to configure rate limit on ARP packets based on the source IP address.

ARP anti-attack packet-check function

Whether MAC address consistency check in an ARP packet is enabled.

You can run the arp anti-attack packet-check sender-mac command to enable MAC address consistency check in an ARP packet.

ARP miss speed-limit for source-IP configuration

Rate limit on ARP Miss messages based on the source IP address.

You can run the arp-miss speed-limit source-ip command to configure rate limit on ARP Miss messages based on the source IP address.

ARP anti-attack entry-check mode

ARP entry fixing mode.

You can run the arp anti-attack entry-check enable command to set the ARP entry fixing mode.

ARP gateway-duplicate anti-attack function:

Whether ARP gateway anti-collision is enabled.

You can run the arp anti-attack gateway-duplicate enable command to enable ARP gateway anti-collision.

ARP rate-limit configuration

Configuration of rate limit on ARP packets.

  • Global configuration indicates the global configuration of rate limit on ARP packets.

  • Interface configuration indicates the configuration of rate limit on ARP packets on an interface.

You can run the arp anti-attack rate-limit command to configure rate limit on ARP packets.

ARP miss rate-limit configuration

Configuration of rate limit on ARP Miss messages. Global configuration indicates the global configuration of rate limit on ARP Miss messages.

You can run the arp-miss anti-attack rate-limit command to configure rate limit on ARP Miss messages.

MAC-address
Rate limit on ARP packets based on a specified MAC address.
  • ALL indicates all MAC addresses.
  • Others indicates other MAC addresses except for the specified MAC address.

IP-address
Rate limit on ARP packets and ARP Miss messages based on a specified IP address.
  • ALL indicates all IP addresses.
  • Others indicates other IP addresses except for the specified IP address.

suppress-rate

Rate limit on ARP packets and ARP Miss messages.
Translation
简体中文
Download
Updated: 2021-02-27

Document ID: EDOC1100064351

Views: 3162651

Downloads: 593

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next
Huawei e+ App Huawei e+

Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :