Configuring Rate Limiting on ARP Packets Globally, in a VLAN, in a BD, or on an Interface
Context
Only the CE12800E that has the FD-X series cards installed supports configuring rate limiting on ARP packets in an interface view.
Only the CE12800 supports configuring rate limiting on ARP packets in a BD view.
When processing a large number of ARP packets, a device consumes many CPU resources and cannot process other services. To protect CPU resources of the device, limit the rate of ARP packets.
Limiting the rate of ARP packets globally: limits the number of ARP packets processed on the entire device.
Limiting the rate of ARP packets in a VLAN: limits the number of ARP packets to be processed on all interfaces in a VLAN. The configuration in a VLAN does not affect ARP entry learning on interfaces in other VLANs.
Limiting the rate of ARP packets on an interface: limits the number of ARP packets processed on an interface. The configuration on an interface does not affect ARP entry learning on other interfaces.
If the maximum rate is configured in the system view, VLAN/BD view, and interface view at the same time, the device uses the configurations in the interface view, VLAN/BD view, and system view in order.
Perform the following steps on the gateway.
Procedure
- Run system-view
The system view is displayed.
- (Optional) Run interface interface-type interface-number
The interface view is displayed.
Or run bridge-domain bd-id
The BD view is displayed.
Or run vlan vlan-id
The VLAN view is displayed.
If you configure rate limiting on ARP packets in the system view, skip the preceding step.
- Run arp anti-attack rate-limit limit
The maximum rate of ARP packets is set.
By default, the maximum rate of ARP packets is set to 0, that is, the rate of ARP packets is not limited globally, in a VLAN, in a BD, or on an interface.
- Run commit
The configuration is committed.