Configuration Guide NFPP Configuration
Ruijie# show nfpp arp-guard summary
Show the arp-guard parameter
settings.
Ruijie# copy running-config
startup-config
MAC address-based rate limit takes precedence over IP
address-based rate limit. IP address-based rate limit takes
precedence over port-based rate limit.
It is recommended for the administrator to follow the following
principle of configuring the host-based rate-limit and attack
threshold, in order to perform the best arp-guard function:
IP address-based rate-limit threshold < IP address-based attack
threshold < source MAC address-based rate-limit threshold <
source MAC address-based attack threshold.
When configuring the rate limit on the port, you can refer to the
user count on this port. For example, if 500 users exist on a port,
you can set the rate limit on this port to 500.
Clearing the monitored hosts
The isolated hosts can be recovered automatically after a period of the time.
The administrator can use the following command to clear the isolated hosts
manually.
Ruijie# clear nfpp arp-guard hosts [vlan
vid] [interface interface-id] [ip-address |
mac-address]
clear nfpp arp-guard hosts: Clear all
isolated hosts.
clear nfpp arp-guard hosts vlan vid:
Clear all isolated hosts in a VLAN.
clear nfpp arp-guard hosts [vlan vid]
[interface interface-id]: Clear all
isolated hosts on a interface in a VLAN.
clear nfpp arp-guard hosts [vlan vid]
[interface interface-id] [ip-address |
mac-address]: An isolated host has
been cleared. Use the IP address or
the MAC address to identify the hosts.
To Next Page
Loading...
