Configuring Defense Against ARP Flood Attacks
Configuring defense against ARP flood attacks prevents ARP entries from being exhausted and the CPU from being overloaded.
Pre-configuration Tasks
Before configuring defense against ARP flood attacks, connect interfaces and set physical parameters for the interfaces to ensure that the physical status of the interfaces is Up.
Configuration Procedure
Operations in the configuration procedure can be performed in any sequence.
When rate limiting on ARP packets is configured globally or in a VLAN, and rate limiting on ARP packets based on the source MAC address or source IP address is also configured, the smallest of the configured rates is used.
When rate limiting on ARP Miss messages is configured globally or in a VLAN, and rate limiting on ARP Miss messages based on the source IP address is also configured, the smallest of the configured rates is used.
- Configuring Rate Limiting on ARP Packets based on Source MAC Addresses
- Configuring Rate Limiting on ARP Packets based on Source IP Addresses
- Configuring Rate Limit on ARP Packets based on the Destination IP Address
- Configuring Rate Limiting on ARP Packets Globally, in a VLAN, in a BD, or on an Interface
- Configuring ARP Rate Limiting on All Interfaces
- Configuring Rate Limiting on ARP Miss Messages based on Source IP Addresses
- Configuring Rate Limiting on ARP Miss Messages Globally, in a VLAN, or on an Interface
- Configuring the Aging Time of Temporary ARP Entries
- Configuring Gratuitous ARP Packet Discarding
- Configuring Strict ARP Learning
- Configuring Interface-based ARP Entry Limit
- Disabling an Interface from Learning ARP Entries
- Verifying the ARP Flood Attack Defense Configuration