EasyManuals Logo

HPE FlexNetwork 5510 HI Series Security Configuration Guide

HPE FlexNetwork 5510 HI Series
551 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #427 background imageLoading...
Page #427 background image
414
Configuration guidelines
Configure this feature when MFF, ARP attack detection, or ARP snooping is enabled, or when ARP
flood attacks are detected.
Configuration procedure
This task sets a rate limit for ARP packets received on an interface. When the number of ARP
packets that the interface receives within a period exceeds the rate limit, those packets are
discarded.
You can enable sending of notifications to the SNMP module or enable logging for ARP packet rate
limit.
• If notification sending is enabled, the device sends the highest threshold-crossed ARP packet
rate within the sending interval in a notification to the SNMP module. You must use the
snmp-agent target-host command to set the notification type and target host. For more
information about notifications, see Network Management and Monitoring Command
Reference.
• If logging for ARP packet rate limit is enabled, the device sends the highest threshold-crossed
ARP packet rate within the sending interval in a log message to the information center. You can
configure the information center module to set the log output rules. For more information about
information center, see Network Management and Monitoring Configuration Guide.
To configure ARP packet rate limit:
Step
Command
Remarks
1. Enter system view.
system-view
N/A
2.
(Optional.) Enable
notification sending for ARP
packet rate limit.
snmp-agent trap enable arp
[
rate-limit
]
By default, notification sending for
ARP packet rate limit is disabled.
3. (Optional.) Enable logging for
ARP packet rate limit.
arp rate-limit log enable
By default, logging for ARP packet
rate limit is disabled.
4.
(Optional.) Set the
notification and log message
sending interval.
arp rate-limit log interval
seconds
By default, the device sends
notifications and log messages at an
interval of 60 seconds.
5. Enter Layer
2 Ethernet
interface or Layer 2
aggregate interface view.
interface
interface-type
interface-number
N/A
6. Enable ARP packet rate limit
and set the rate limit.
arp rate-limit
[ pps ]
By default, ARP packet rate limit is
enabled, and the rate limit is 100
pps.
NOTE:
If you
enable notification sending and logging for ARP packet rate limit on a Layer 2 aggregate
interface, the features apply to all aggregation member ports.
Configuring source MAC-based ARP attack
detection
This feature checks the number of ARP packets delivered to the CPU. If the number of packets from
the same MAC address within 5 seconds exceeds a threshold, the device adds the MAC address to

Table of Contents

Other manuals for HPE FlexNetwork 5510 HI Series

Preview: Configuration Guide
Configuration Guide572 pages
Preview: Fundamentals Configuration Guide
Fundamentals Configuration Guide209 pages
Preview: Layer 3 - Ip Routing Configuration Guide
Layer 3 - Ip Routing Configuration Guide486 pages
Preview: Network Management And Monitoring Configuration Guide
Network Management And Monitoring Configuration Guide331 pages
Preview: Macsec Configuration Guide
Macsec Configuration Guide27 pages
Preview: Acl And Qos Configuration Guide
Acl And Qos Configuration Guide114 pages
Preview: Mpls Configuration Guide
Mpls Configuration Guide505 pages
Preview: Openflow Configuration Guide
Openflow Configuration Guide39 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HPE FlexNetwork 5510 HI Series and is the answer not in the manual?

HPE FlexNetwork 5510 HI Series Specifications

General IconGeneral
BrandHPE
ModelFlexNetwork 5510 HI Series
CategorySwitch
LanguageEnglish

Related product manuals