arp optimized-passby enable
Function
The arp optimized-passby enable command configures the device not to send ARP packets destined for other devices to the CPU.
The undo arp optimized-passby enable command configures the device to send ARP packets destined for other devices to the CPU.
By default, a device does not send ARP packets destined for other devices to the CPU.
Format
arp optimized-passby enable
undo arp optimized-passby enable
Only the S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-HI, S6730-H, S6730S-H, S6730-S, and S6730S-S support this command.
Usage Guidelines
Usage Scenario
If an interface receives a large number of ARP packets whose destination IP addresses are different from the IP address of this interface and sends these ARP packets to the CPU for processing, the CPU usage is high and the CPU cannot process services properly.
To prevent this issue, you can configure the device to directly forward ARP packets destined for other devices without sending them to the CPU. This improves the device's capability of defending against ARP flood attacks.
Precautions
- Run the arp anti-attack gateway-duplicate enable to enable ARP gateway anti-collision.
- Run the arp ip-conflict-detect enable command to enable IP address conflict detection.
- Run the arp anti-attack check user-bind enable command to enable the dynamic ARP inspection (DAI) function.
- Run the dhcp snooping arp security enable command to enable the egress ARP inspection (EAI) function.
- Run the arp over-vpls enable command to enable proxy ARP on a VPLS network.
- Run the arp-proxy enable command to enable routed proxy ARP.
- Run the arp-proxy inner-sub-vlan-proxy enable command to enable intra-VLAN proxy ARP.
- Run the arp-proxy inter-sub-vlan-proxy enable command to enable inter-VLAN proxy ARP.
- Perform an NAC-related configuration. For details, see the User Access and Authentication Configuration Guide.