< Home

arp-miss anti-attack rate-limit alarm threshold

Function

The arp-miss anti-attack rate-limit alarm threshold command sets the alarm threshold for ARP Miss messages discarded when the rate of ARP Miss packets exceeds the limit.

The undo arp-miss anti-attack rate-limit alarm threshold command restores the default alarm threshold.

By default, the alarm threshold for ARP Miss packets discarded is 100.

Only the S5720-EI, S5720-HI, S5720I-SI, S5720S-SI, S5720-SI, S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735S-S, S5735-S-I, S5730-HI, S5730S-EI, S5730-SI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720-LI, S6720S-EI, S6720S-LI, S6720S-SI, S6720-SI, S6730-H, S6730S-H, S6730-S, and S6730S-S support this command.

Format

arp-miss anti-attack rate-limit alarm threshold threshold

undo arp-miss anti-attack rate-limit alarm threshold

Parameters

Parameter

Description

Value

threshold

Specifies the alarm threshold for ARP Miss messages discarded when the rate of ARP Miss messages exceeds the limit.

The value is an integer that ranges from 1 to 16384, in pps.

Views

System view, VLAN view, GE interface view, 40GE interface view, XGE interface view, 25GE interface view, 100GE interface view, MultiGE interface view, port group view, Eth-Trunk interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can use the arp-miss anti-attack rate-limit alarm threshold command to set the alarm threshold. When the number of discarded ARP Miss packets exceeds the alarm threshold, the device generates an alarm.

Prerequisites

Rate limit on ARP Miss messages has been enabled using the arp-miss anti-attack rate-limit enable command, and the alarm function has been enabled using the arp-miss anti-attack rate-limit alarm enable command.

Example

# Enable rate limit on ARP Miss messages globally, enable the alarm function, and set the alarm threshold to 200.

<HUAWEI> system-view
[HUAWEI] arp-miss anti-attack rate-limit enable
[HUAWEI] arp-miss anti-attack rate-limit alarm enable
[HUAWEI] arp-miss anti-attack rate-limit alarm threshold 200

# Enable rate limit on ARP Miss messages on Layer 2 interface GE0/0/1, enable the alarm function, and set the alarm threshold to 200.

<HUAWEI> system-view
[HUAWEI] interface gigabitethernet0/0/1
[HUAWEI-GigabitEthernet0/0/1] arp-miss anti-attack rate-limit enable
[HUAWEI-GigabitEthernet0/0/1] arp-miss anti-attack rate-limit alarm enable
[HUAWEI-GigabitEthernet0/0/1] arp-miss anti-attack rate-limit alarm threshold 200
# Enable rate limit on ARP Miss messages on Layer 3 interface GE0/0/1, enable the alarm function, and set the alarm threshold to 200.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet0/0/1
[HUAWEI-GigabitEthernet0/0/1] undo portswitch
[HUAWEI-GigabitEthernet0/0/1] arp-miss anti-attack rate-limit enable
[HUAWEI-GigabitEthernet0/0/1] arp-miss anti-attack rate-limit alarm enable
[HUAWEI-GigabitEthernet0/0/1] arp-miss anti-attack rate-limit alarm threshold 200
Parent Topic: ARP Security Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >