Command Reference ARP Commands
hardware during the address resolution, so that all subsequent messages with that destination
IP address are not sent to the CPU. After the address resolution, the entry is updated to the
forwarding status, so that the switch can forward messages with that destination IP
address in hardware.
In general, if the switch CPU receives three messages for the destination IP address
corresponding to the ARP entry while the ARP request is in progress, this is treated as a
possible attack on the CPU, and the switch sets the discarded entry to prevent unknown unicast
messages from attacking the CPU. Users can set the num parameter of this command to decide
what is treated as an attack on the CPU in a specific network environment, or disable this
function. Use the arp anti-ip-attack command to set the parameter or disable this function.
Use the no form of this command to restore the default setting.
num: The number of IP messages that triggers setting the ARP entry to discarded,
in the range from 0 to 100. 0 disables the arp anti-ip-attack function.
By default, the discarded entry is set after 3 unknown unicast messages are sent to the CPU.
Global configuration mode.
The arp anti-ip-attack function occupies switch hardware routing resources when the switch is
attacked by unknown unicast messages. If there are enough resources, the arp
anti-ip-attack num can be smaller. If not, to give priority to normal routing, set num
larger or disable this function.
The following example sets the number of IP messages that triggers setting the ARP entry to discarded to 5.
Ruijie(config)# arp anti-ip-attack 5
The following example disables the ARP anti-ip-attack function.
Ruijie(config)# arp anti-ip-attack 0
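The following is an added sketch, not Ruijie code, that models the threshold behaviour described above so the effect of num can be compared against a hardware entry budget. The hw_capacity limit, the rule that no further discarded entries are installed once it is reached, the absence of entry aging, and the sample traffic are all assumptions constructed for illustration.

```python
from collections import Counter

def simulate(dest_ips, num, hw_capacity):
    """Simplified model of arp anti-ip-attack (assumed, not vendor code).

    dest_ips    -- destination IP of each packet whose ARP entry is unresolved
    num         -- packets to the CPU that trigger a discarded entry; 0 disables
    hw_capacity -- assumed number of hardware entries free for discarded entries
    """
    seen = Counter()      # packets per destination that reached the CPU
    discarded = set()     # destinations with a discarded entry in hardware
    overflow = set()      # destinations that hit num with no free entry left
    cpu = hw_dropped = 0
    for dst in dest_ips:
        if dst in discarded:
            hw_dropped += 1          # dropped in hardware, CPU never sees it
            continue
        cpu += 1
        seen[dst] += 1
        if num and seen[dst] >= num:
            if len(discarded) < hw_capacity:
                discarded.add(dst)
            else:
                overflow.add(dst)    # threshold hit, but no resources left
    return {"cpu": cpu, "hw_dropped": hw_dropped,
            "entries": len(discarded), "overflow": len(overflow)}

def sample_traffic():
    """Constructed input: 20 packets to one unresolved host, then 4 passes
    over 50 other unresolved addresses (documentation range 192.0.2.0/24)."""
    flood = ["192.0.2.200"] * 20
    sweep = [f"192.0.2.{i}" for i in range(1, 51)] * 4
    return flood + sweep

if __name__ == "__main__":
    # Compare the default (3), the value from the example above (5), and off (0).
    for num in (3, 5, 0):
        print(f"num={num}:", simulate(sample_traffic(), num, hw_capacity=16))
```

In this model, num 3 fills all 16 assumed entries and still leaves 35 destinations reaching the CPU, while num 5 uses a single entry for the repeated destination, which is the trade-off the usage guidance describes.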
2.3 arp cache interface-limit
Use this command to set the maximum number of ARP entries learned on the interface.
Use the no form of this command to restore the default setting.