2
To do… Use the command… Remarks
Enter system view
system-view
—
Enter Ethernet port view
interface interface-type
interface-number
—
Configure ARP packet filtering
based on the gateway’s IP
address
arp filter source ip-address
Required
Not configured by default.
Configure ARP packet filtering
based on the gateway’s IP and
MAC addresses
arp filter binding ip-address
mac-address
Required
Not configured by default.
The arp filter source and arp filter binding commands are mutually exclusive on an Ethernet port.
That is, you can only configure ARP packet filtering based on gateway’s IP address, or based on
gateway’s IP and MAC addresses, but not both on an Ethernet port.
Configuring the Maximum Number of Dynamic ARP Entries a VLAN
Interface Can Learn
Introduction
To prevent ARP flood attacks, you can limit the number of ARP entries learned by a VLAN interface on
switches (operating as gateways). That is, you can set the maximum number of dynamic ARP entries
that a VLAN interface can learn. If the number of ARP entries learned by the VLAN interface exceeds
the specified upper limit, the VLAN interface stops learning ARP entries, thus to avoid ARP flood
attacks.
Configuring the Maximum Number of Dynamic ARP Entries that a VLAN Interface
Can Learn
Follow these steps to configure the maximum number of dynamic ARP entries that a VLAN interface
can learn:
To do… Use the command… Remarks
Enter system view
system-view
—
Enter VLAN interface view
interface vlan-interface
vlan-id
—
Configure the maximum
number of dynamic ARP
entries that the VLAN interface
can learn
arp max-learning-num
number
Optional
By default, the maximum
number of dynamic ARP
entries that the VLAN interface
can learn is not limited
To Next Page
Loading...