S1700, S2720, S5700, and S6700 V200R019C10 Command Reference

display arp anti-attack arpmiss-record-info

Function

The display arp anti-attack arpmiss-record-info command displays information recorded by the device when rate limit on ARP Miss messages is triggered.

Only the S1730S-H, S5720-EI, S5720-HI, S5720I-SI, S5720S-SI, S5720-SI, S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735S-S, S5735-S-I, S5730-HI, S5730S-EI, S5730-SI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720-LI, S6720S-EI, S6720S-LI, S6720S-SI, S6720-SI, S6730-H, S6730S-H, S6730-S, and S6730S-S support this command.

Format

display arp anti-attack arpmiss-record-info [ ip-address ]

Parameters

Parameter	Description	Value
ip-address	Displays the IP address of discarded ARP Miss packets.	The value is in dotted decimal notation.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

After rate limit on ARP Miss messages is triggered, the device discards excess ARP Miss messages. You can run this command to view information recorded by the device when rate limit on ARP Miss messages is triggered. The information helps locate and rectify faults.

The device can record a maximum of 256 records about rate limit on ARP Miss messages. If a new round of rate limit on ARP Miss messages is triggered when the number of records reaches 256, the device takes the following actions:

If the source IP address of the attacker already exists in a record, the device updates the block time in the record using the discarding time of the new ARP Miss message.
If the source IP address of the attacker does not exist in any record, the device deletes the first record and adds a new record for this attacker.

Example

# Display information recorded by the device when rate limit on ARP Miss messages is triggered.

<HUAWEI> display arp anti-attack arpmiss-record-info  
Interface    IP address      Attack time         Block time          Aging-time 
------------------------------------------------------------------------------- 
------------------------------------------------------------------------------- 
The number of record(s) in arp-miss table is 0

Table 14-44 Description of the display arp anti-attack arpmiss-record-info command output

Item	Description
Interface	Interface where ARP Miss packets are discarded.
IP address	Source IP address of discarded ARP Miss packets.
Attack time	First time when rate limit on ARP Miss messages is triggered, that is, time when the number of ARP Miss messages exceeds the limit.
Block time	Last time when the device discards the ARP Miss messages of the attacker.
Aging-time	Period during which the device discards ARP Miss packets. If the ARP Miss packet processing mode is set to none-block, the values of Block time and Aging-time are both 0. If the ARP Miss packet processing mode is set to block, the value of Aging-time is configured by the arp-miss speed-limit source-ip command, and the default value is 5 seconds.

Translation

Favorite

Download

Update Date：2022-05-25

Document ID：EDOC1100127035

Downloads：3536

Average rating：2.0Points

Digital Signature File

digtal sigature tool