No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Security

CloudEngine 8800, 7800, 6800, and 5800 V200R005C10

This document describes the configurations of Security, including ACL, local attack defense, MFF, attack defense, traffic suppression and storm control, ARP security, Port security, DHCP snooping, ND snooping, PPPoE+, IPSG, SAVI, separating the management plane from the service plane, security risks.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Licensing Requirements and Limitations for ARP Security

Licensing Requirements and Limitations for ARP Security

Involved Network Elements

Other network elements are not required.

Licensing Requirements

ARP security is a basic feature of a switch and is not under license control.

Version Requirements

Table 10-4 Products and minimum version supporting ARP security

Product Model

Minimum Version Required

CE8860EI

V100R006C00

CE8861EI

V200R005C10

CE8868EI

V200R005C10

CE8850-32CQ-EI

V200R002C50

CE8850-64CQ-EI

V200R005C00

CE7850EI

V100R003C00

CE7855EI

V200R001C00

CE6810EI

V100R003C00

CE6810-48S4Q-LI/CE6810-48S-LI

V100R003C10

CE6810-32T16S4Q-LI/CE6810-24S2Q-LI

V100R005C10

CE6850EI

V100R001C00

CE6850-48S6Q-HI

V100R005C00

CE6850-48T6Q-HI/CE6850U-HI/CE6851HI

V100R005C10

CE6855HI

V200R001C00

CE6856HI

V200R002C50

CE6857EI

V200R005C10

CE6860EI

V200R002C50

CE6865EI

V200R005C00

CE6870-24S6CQ-EI/CE6870-48S6CQ-EI

V200R001C00

CE6870-48T6CQ-EI

V200R002C50

CE6875EI

V200R003C00

CE6880EI

V200R002C50

CE5810EI

V100R002C00

CE5850EI

V100R001C00

CE5850HI

V100R003C00

CE5855EI

V100R005C10

CE5880EI

V200R005C10

Feature Limitations

When deploying ARP security on the switch, pay attention to the following:
  • Do not enable the gratuitous ARP packet discarding function on a network-side interface.

  • If dynamic ARP entry learning is disabled on an interface, traffic forwarding may fail on this interface.

  • After dynamic ARP entry learning is disabled on an interface, the system will not automatically delete the ARP entries that were learned previously on this interface. You can delete or retain these dynamic ARP entries as required.

  • When the DAI is enabled in a VLAN, the transparent transmission of protocol packets does not take effect in this VLAN.

  • For a switch except CE6870EI and CE6875EI, when ARP rate limiting is configured on an interface and DAI is configured in the corresponding VLAN, ARP rate limiting does not take effect.

  • For a switch except CE6870EI and CE6875EI, after ARP rate limiting is configured for an inter-card LAG, if the accumulative rate of ARP packets sent by the interfaces on different cards reaches the upper limit but the rate of ARP packets sent by a single card does not reach the upper limit, the ARP rate limiting function does not take effect.

  • When a CE6810LI functions as a leaf switch, ARP rate limiting based on all interfaces cannot take effect on the switch.

  • If both interface-based ARP rate limiting and sFlow/NetStream are configured on a switch (except CE5880EI, CE6870EI, CE6875EI, and CE6880EI), interface-based ARP rate limiting does not take effect. The maximum number of ARP packets sent from interfaces to the CPU is the ARP rate limit plus the number of ARP packets sampled by sFlow/NetStream.

  • After ARP rate limiting is enabled on all interfaces, port-based automatic local attack defense for ARP does not take effect.
Translation
Download
Updated: 2019-04-20

Document ID: EDOC1100074765

Views: 18625

Downloads: 63

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next