< Home

arp anti-attack rate-limit alarm threshold

Function

The arp anti-attack rate-limit alarm threshold command sets the alarm threshold of ARP packets discarded when the rate of ARP packets exceeds the limit.

The undo arp anti-attack rate-limit alarm threshold command restores the default alarm threshold.

By default, the alarm threshold of ARP packets discarded when the rate of ARP packets exceeds the limit is 100.

Format

arp anti-attack rate-limit alarm threshold threshold

undo arp anti-attack rate-limit alarm threshold

Parameters

Parameter Description Value
threshold Specifies the alarm threshold of ARP packets discarded when the rate of ARP packets exceeds the limit. The value is an integer that ranges from 1 to 16384.

Views

System view, VLAN view, Ethernet interface view, GE interface view, 40GE interface view, XGE interface view, 25GE interface view, 100GE interface view, MultiGE interface view, port group view, Eth-Trunk interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can use the arp anti-attack rate-limit alarm threshold command to set the alarm threshold. When the number of discarded ARP packets exceeds the alarm threshold, the device generates an alarm.

Prerequisites

Rate limit on ARP packets has been enabled using the arp anti-attack rate-limit enable command, and the alarm function has been enabled using the arp anti-attack rate-limit alarm enable command.

Example

# Enable rate limit on ARP packets globally, enable the alarm function, and set the alarm threshold to 50.

<HUAWEI> system-view
[HUAWEI] arp anti-attack rate-limit enable
[HUAWEI] arp anti-attack rate-limit alarm enable
[HUAWEI] arp anti-attack rate-limit alarm threshold 50

# Enable rate limit for the ARP packets on Layer 2 interface GE0/0/1, enable the alarm function, and set the alarm threshold to 50.

<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] arp anti-attack rate-limit enable
[HUAWEI-GigabitEthernet0/0/1] arp anti-attack rate-limit alarm enable
[HUAWEI-GigabitEthernet0/0/1] arp anti-attack rate-limit alarm threshold 50
# Enable rate limit for the ARP packets on Layer 3 interface GE0/0/1, enable the alarm function, and set the alarm threshold to 50.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] undo portswitch
[HUAWEI-GigabitEthernet0/0/1] arp anti-attack rate-limit enable
[HUAWEI-GigabitEthernet0/0/1] arp anti-attack rate-limit alarm enable
[HUAWEI-GigabitEthernet0/0/1] arp anti-attack rate-limit alarm threshold 50
Parent Topic: ARP Security Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >