set arpinspection limit
Enterasys C3 Configuration Guide 23-21
Defaults
All parameters are optional, but at least one parameter must be specified.
Mode
Switch command, read-write.
Usage
This command adds additional validation of ARP packets by DAI, beyond the basic validation
that the ARP packet’s sender MAC address and sender IP address match an entry in the DHCP
snooping bindings database.
Example
This example adds the optional verification that sender MAC addresses are the same as the source
MAC addresses in the Ethernet headers of ARP packets.
C3(su)->set arpinspection validate src-mac
set arpinspection limit
Use this command to configure rate limiting parameters for incoming ARP packets on a port or
ports
Syntax
set arpinspection limit port port-string {none | rate pps {burst interval secs]}
Parameters
dst-mac Specifies that DAI should verify that the target MAC address equals the
destination MAC address in the Ethernet header.
This check only applies to ARP responses, since the target MAC address
is unspecified in ARP requests.
ip Specifies that DAI should check the IP address and drop ARP packets
with an invalid address. An invalid address is one of the following:
• 0.0.0.0
• 255.255.255.255
• All IP multicast addresses
• All class E addresses (240.0.0.0/4)
• Loopback addresses (in the range 127.0.0.0/8)
port-string Specifies the port or ports to which to apply these rate limiting
parameters.
none Configures no limit on incoming ARP packets.
rate pps Specifies a rate limit in packets per second. The value of pps can range
from 0 to 50 packets per second.
burst interval secs Specifies a burst interval in seconds. The value of secs can range from 1
to 15 seconds.
To Next Page
Loading...
Need help?
General