No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FITAP V200R010C00 Command Reference

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
display arp anti-attack configuration

display arp anti-attack configuration

Function

The display arp anti-attack configuration command displays the ARP anti-attack configuration.

NOTE:

Format

display arp anti-attack configuration { arp-rate-limit | arpmiss-rate-limit | arp-speed-limit | arpmiss-speed-limit | entry-check | packet-check | all }

Parameters

Parameter

Description

Value

arp-rate-limit

Displays the configuration of rate limit on ARP packets globally or on an interface.

-

arpmiss-rate-limit

Displays the configuration of rate limit on ARP Miss messages.

-

arp-speed-limit

Displays the configuration of rate limit on ARP packets based on the source IP address or source MAC address.

-

arpmiss-speed-limit

Displays the configuration of rate limit on ARP Miss messages based on the source IP address.

-

entry-check

Displays the ARP entry fixing mode.

-

packet-check

Displays whether ARP packet validity check is enabled.

-

all

Displays all ARP anti-attack configurations.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

After all ARP anti-attack functions are configured, you can run this command to check all configurations.

Example

# Display the maximum rate and rate limit duration of ARP packets based on the source IP address or source MAC address.

<Huawei> display arp anti-attack configuration arp-speed-limit
 ARP speed-limit for source-MAC configuration:                                  
 MAC-address         suppress-rate(pps)(rate=0 means function disabled)         
------------------------------------------------------------------------------- 
 0000-0000-0001      150                                                        
 Others              200                                                        
------------------------------------------------------------------------------- 
 1 specified MAC addresses are configured, spec is 256 items.                   
                                                                                
 ARP speed-limit for source-IP configuration:                                   
 IP-address          suppress-rate(pps)(rate=0 means function disabled)         
------------------------------------------------------------------------------- 
 10.0.0.20           50                                                         
 Others              100                                                        
------------------------------------------------------------------------------- 
 1 specified IP addresses are configured, spec is 512 items.                    
                                                             

# Display the maximum rate and rate limit duration of ARP Miss messages based on the source IP address.

<Huawei> display arp anti-attack configuration arpmiss-speed-limit
 ARP miss speed-limit for source-IP configuration:                                   
 IP-address          suppress-rate(pps)(rate=0 means function disabled)         
------------------------------------------------------------------------------- 
 10.0.0.20           300                                                        
 Others              100                                                        
------------------------------------------------------------------------------- 
 1 specified IP addresses are configured, spec is 128 items. 

# Display the ARP entry fixing mode.

<Huawei> display arp anti-attack configuration entry-check
 ARP anti-attack entry-check mode: fixed-mac 

# Display all ARP anti-attack configurations.

<Huawei> display arp anti-attack configuration all
 ARP anti-attack packet-check function: enable                                  
                                                                                
 ARP anti-attack entry-check mode: disabled                                     
                                                                                
 ARP rate-limit configuration:                                                  
------------------------------------------------------------------------------- 
 Global configuration:                                                          
    arp anti-attack rate-limit enable                                           
 Interface configuration:                                                       
------------------------------------------------------------------------------- 
                                                                                
 ARP miss rate-limit configuration:                                             
------------------------------------------------------------------------------- 
 Global configuration:                                                          
    arp-miss anti-attack rate-limit enable                                      
------------------------------------------------------------------------------- 
                                                                                
 ARP speed-limit for source-MAC configuration:                                  
 MAC-address         suppress-rate(pps)(rate=0 means function disabled)         
------------------------------------------------------------------------------- 
 0000-0000-0001      200                                                        
 Others              100                                                        
------------------------------------------------------------------------------- 
 1 specified MAC addresses are configured, spec is 256 items.                   
                                                                                
 ARP speed-limit for source-IP configuration:                                   
 IP-address          suppress-rate(pps)(rate=0 means function disabled)         
------------------------------------------------------------------------------- 
 10.0.0.1            512                                                        
 Others              126                                                        
------------------------------------------------------------------------------- 
 1 specified IP addresses are configured, spec is 128 items.                    
                                                                                
 ARP miss speed-limit for source-IP configuration:                              
 IP-address          suppress-rate(pps)(rate=0 means function disabled)         
------------------------------------------------------------------------------- 
 10.134.23.6         400                                                        
 Others              500                                                        
------------------------------------------------------------------------------- 
 1 specified IP addresses are configured, spec is 128 items.                    
Table 13-44  Description of the display arp anti-attack configuration command output

Item

Description

ARP speed-limit for source-MAC configuration

Rate limit on ARP packets based on the source MAC address.

ARP speed-limit for source-IP configuration

Rate limit on ARP packets based on the source IP address.

ARP anti-attack packet-check function

Whether MAC address consistency check in an ARP packet is enabled.

ARP miss speed-limit for source-IP configuration

Rate limit on ARP Miss messages based on the source IP address.

ARP anti-attack entry-check mode

ARP entry fixing mode.

ARP rate-limit configuration

Configuration of rate limit on ARP packets.

  • Global configuration indicates the global configuration of rate limit on ARP packets.

  • Interface configuration indicates the configuration of rate limit on ARP packets on an interface.

ARP miss rate-limit configuration

Configuration of rate limit on ARP Miss messages. Global configuration indicates the global configuration of rate limit on ARP Miss messages.

MAC-address

Rate limit on ARP packets based on a specified MAC address.
  • ALL indicates all MAC addresses.
  • Others indicates other MAC addresses except for the specified MAC address.

IP-address

Rate limit on ARP packets and ARP Miss messages based on a specified IP address.
  • ALL indicates all IP addresses.
  • Others indicates other IP addresses except for the specified IP address.

suppress-rate

Rate limit on ARP packets and ARP Miss messages.

Translation
Download
Updated: 2019-05-14

Document ID: EDOC1100064353

Views: 87768

Downloads: 61

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next