Verifying the ARP Flood Attack Defense Configuration
Procedure
Run the display arp anti-attack configuration { arp-rate-limit | arp-speed-limit | entry-check | arpmiss-rate-limit | arpmiss-speed-limit | gateway-duplicate | log-trap-timer | packet-check | all } command to check the ARP anti-attack configuration. (Only the S5720-EI, S5720-HI, S5720I-SI, S5720S-SI, S5720-SI, S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735S-S, S5735-S-I, S5730-HI, S5730S-EI, S5730-SI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720-LI, S6720S-EI, S6720S-LI, S6720S-SI, S6720-SI, S6730-H, S6730S-H, S6730-S, and S6730S-S support arpmiss-rate-limit, arpmiss-speed-limit and gateway-duplicate.)
Run the display arp-limit [ interface interface-type interface-number ] [ vlan vlan-id ] command to check the maximum number of dynamic ARP entries that an interface can learn.
Run the display arp learning strict command to check strict ARP learning globally and on all VLANIF interfaces.
Run the display arp optimized-passby status interface vlanif vlanif-id slot slot-id command to check whether the device is configured not to send ARP packets destined for other devices to the CPU and whether the configuration takes effect.
Only the S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-HI, S6730-H, S6730S-H, S6730-S, and S6730S-S support this command.