1-7
Operation Command Remarks
Configure the port as an ARP
trusted port
arp detection trust
Optional
By default, a port is an untrusted
port.
Quit to system view
quit
—
Enter VLAN view
vlan vlan-id
—
Enable ARP restricted
forwarding
arp restricted-forwarding
enable
Optional
By default, the ARP restricted
forwarding function is disabled.
The device forwards legal ARP
packets through all its ports.
z You need to enable DHCP snooping and configure DHCP snooping trusted ports on the switch
before configuring the ARP attack detection function. For more information about DHCP snooping,
refer to the DHCP snooping section in the part discussing DHCP in this manual.
z Generally, the uplink port of a switch is configured as a trusted port.
z Before enabling ARP restricted forwarding, make sure you enable ARP attack detection and
configure ARP trusted ports.
z Currently, the VLAN ID of an IP-to-MAC binding configured on a port of a Switch 4210 is the same
as the default VLAN ID of the port. If the VLAN tag of an ARP packet is different from the default
VLAN ID of the receiving port, the ARP packet cannot pass the ARP attack detection based on the
IP-to-MAC bindings.
z When you use the ARP attack detection in cooperation with VLAN mapping, you need to enable
ARP attack detection in both the original VLAN and the mapped VLAN. For more information about
VLAN mapping, refer to VLAN-VPN Operation in this manual.
z You are not recommended to configure ARP attack detection on the ports of an aggregation group.
Configuring the ARP Packet Rate Limit Function
Table 1-6 Configure the ARP packet rate limit function
Operation Command Remarks
Enter system view
system-view
—
Enter Ethernet port view
interface interface-type
interface-number
—
Enable the ARP packet rate
limit function
arp rate-limit enable
Required
By default, the ARP packet rate
limit function is disabled on a
port.
Configure the maximum ARP
packet rate allowed on the port
arp rate-limit rate
Optional
By default, the maximum ARP
packet rate allowed on a port is
15 pps.
To Next Page
Loading...