Enterasys SecureStack C2 C2G170-24

Enterasys SecureStack C2 C2G170-24

698 pages

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

set arpinspection filter

SecureStack C2 Configuration Guide 17-23

Parameters

Defaults

Rate=15packetspersecond

BurstInterval=1second

Mode

Switchcommand,read‐write.

Usage

Toprotectthe switchagainstDHCPattackswhenDAIisenabled,theDAIap plication enforcesa 

ratelimitforARPpacketsreceivedonuntrustedinterfaces.DAImonitorsthereceiverateoneach

interfaceseparately.Ifthereceiverateexceedsthelimitconfiguredwiththiscommand,DAI

disablestheinterface,whicheffectively

bringsdowntheinterface.Youcanusethesetportenable

commandtoreenabletheport.

Youcanconfigureboththerateandtheburstinterval.Thedefaultrateis15ppsoneachuntrusted

interfacewitharangeof0to100pps.Thedefaultburstintervalis1

secondwitharangeto1to15

seconds..TheratelimitcannotbesetontrustedinterfacessinceARPpacketsreceivedontrusted

interfacesdonotcometotheCPU.

Example

Thisexamplesetstherateto20packetspersecondandtheburstintervalto2secondsonports

ge.1.1andge.1.2.

C2(su)->set arpinspection limit port ge.1.1-2 rate 20 burst interval 2

set arpinspection filter

UsethiscommandtocreateanARPACLandthentoassignanACLtoaVLAN,optionallyasa

staticmapping.

Syntax

set arpinspection filter name {permit ip host sender-ipaddr mac host

sender-macaddr | vlan vlan-range [static]}

Parameters

port‐string Specifiestheportorportstowhichtoapplytheseratelimiting

parameters.

none ConfiguresnolimitonincomingARPpackets.

ratepps Specifiesaratelimitinpacketspersecond.Thevalueofppscanrange

from0to100packetspersecond.

burstintervalsecs Specifiesaburstintervalin

seconds.Thevalueofsecscanrangefrom1

to15seconds.

name Specifiesthe nameoftheARPACL.

permit Specifiesthatapermitruleisbeingcreated.

iphostsender‐ipaddr SpecifiestheIPaddressintherulebeingcreated.

Table of Contents

Other manuals for Enterasys SecureStack C2 C2G170-24

Hardware Installation Guide74 pages

Related product manuals

Preview: SecureStack C2 C2G124-24

SecureStack C2 C2G124-24

Preview: Enterasys SecureStack C2

Enterasys SecureStack C2

Preview: SecureStack A2 A2H124-24

SecureStack A2 A2H124-24

Preview: SecureStack B3 B3G124-48

SecureStack B3 B3G124-48

SecureStack A2 A2H254-16

Preview: SecureStack B3 B3G124-24P

SecureStack B3 B3G124-24P

Preview: SecureStack B2 B2G124-48P

SecureStack B2 B2G124-48P

Enterasys SSA-G1018-0652

Preview: Enterasys C3G124-24

Enterasys C3G124-24

Preview: Enterasys B5G124-24

Enterasys B5G124-24

Preview: Enterasys 08H20G4-24

Enterasys 08H20G4-24

Preview: Enterasys Matrix-V V2H124-24

Enterasys Matrix-V V2H124-24