Table 1 describes the default settings for ARP security.

Parameter | Default Setting |
---|---|
Rate limit on ARP packets based on source MAC addresses | The maximum rate of ARP packets from each source MAC address is set to 0, that is, ARP packets are not rate-limited based on the source MAC address. |
Rate limit on ARP packets based on source IP addresses | The device allows a maximum of 30 ARP packets from the same source IP address to pass through per second. |
Rate limit on ARP packets globally, in a VLAN, or on an interface | Disabled |
Maximum rate and rate limiting duration of ARP packets globally, in a VLAN, or on an interface | The device allows a maximum of 100 ARP packets to pass through per second. |
Discarding all ARP packets on the interface when the rate limit is exceeded | Disabled |
Alarm that ARP packets are being discarded when the rate limit is exceeded globally, in a VLAN, or on an interface | Disabled |
Alarm threshold for ARP packets to be discarded when the rate limit is exceeded globally, in a VLAN, or on an interface | 100 |
Rate limit on ARP Miss messages based on source IP addresses | The device can process a maximum of 30 ARP Miss messages per second triggered by IP packets from the same source IP address. If the number of ARP Miss messages per second exceeds the limit, the device discards the excess ARP Miss messages. By default, the device then uses block mode to discard all ARP Miss packets from that source IP address within 5 minutes. |
Rate limit on ARP Miss messages globally, in a VLAN, or on an interface | Disabled |
Maximum rate and rate limiting duration of ARP Miss messages globally, in a VLAN, or on an interface | The device can process a maximum of 100 ARP Miss messages per second. |
Alarm that ARP Miss messages are being discarded when the rate limit is exceeded globally, in a VLAN, or on an interface | Disabled |
Alarm threshold for ARP Miss messages to be discarded when the rate limit is exceeded globally, in a VLAN, or on an interface | 100 |
Aging time of temporary ARP entries | 3 seconds |
Optimized ARP reply | Enabled |
Strict ARP learning | Disabled |
Interface-based ARP entry limit | The maximum number of ARP entries that an interface can dynamically learn is the same as the number of ARP entries supported by the device. |
ARP entry fixing | Disabled |
DAI | Disabled |
ARP gateway anti-collision | Disabled |
Gratuitous ARP packet sending | Disabled |
Interval for sending gratuitous ARP packets | 60 seconds |
MAC address consistency check in an ARP packet | Disabled |
ARP packet validity check | Disabled |
ARP learning triggered by DHCP | Disabled |
ARP proxy on a VPLS network | Disabled |