Operation Manual – ARP
H3C S3100 Series Ethernet Switches Chapter 1 ARP Configuration
1-10
 Note:
z You need to enable DHCP snooping and configure DHCP snooping trusted ports on
the switch before configuring the ARP attack detection function. For more
information about DHCP snooping, refer to the DHCP snooping section in the part
discussing DHCP in this manual.
z Generally, the uplink port of a switch is configured as a trusted port.
z Before enabling ARP restricted forwarding, make sure you enable ARP attack
detection and configure ARP trusted ports.
z Currently, the VLAN ID of an IP-to-MAC binding configured on a port of an S3100-EI
series Ethernet switch is the same as the default VLAN ID of the port. If the VLAN
tag of an ARP packet is different from the default VLAN ID of the receiving port, the
ARP packet cannot pass the ARP attack detection based on the IP-to-MAC
bindings.
z When you use the ARP attack detection in cooperation with VLAN mapping, you
need to enable ARP attack detection in both the original VLAN and the mapped
VLAN. For more information about VLAN mapping, refer to VLAN-VPN Operation in
this manual.
z You are not recommended to configure ARP attack detection on the ports of an
aggregation group.
1.2.4 Configuring the ARP Packet Rate Limit Function
Table 1-7 Configure the ARP packet rate limit function
Operation Command Remarks
Enter system view
system-view
—
Enter Ethernet port view
interface interface-type
interface-number
—
Enable the ARP packet
rate limit function
arp rate-limit enable
Required
By default, the ARP
packet rate limit function
is disabled on a port.
Configure the maximum
ARP packet rate allowed
on the port
arp rate-limit rate
Optional
By default, the maximum
ARP packet rate allowed
on a port is 15 pps.
Quit to system view
quit
—
Enable the port state
auto-recovery function
arp protective-down
recover enable
Optional
By default, the port state
auto-recovery function is
disabled.
To Next Page
Loading...
Need help?
General