When a device is busy with a large number of ARP packets, the CPU may be incapable of processing other services. To protect CPU resources of the device, limit the rate of ARP packets.
The device provides the following measures for limiting the rate of ARP packets:
Limiting the rate of ARP packets based on source MAC addresses or source IP addresses
Limiting the rate of ARP packets based on source MAC addresses: If a MAC address is specified, the device limits the rate of ARP packets from the specified source MAC address; otherwise, the device limits the rate of ARP packets from all source MAC addresses.
Limiting the rate of ARP packets based on source IP addresses: If an IP address is specified, the device limits the rate of ARP packets from the specified source IP address; otherwise, the device limits the rate of ARP packets from all source IP addresses.
Limiting the rate on ARP packets globally, in a VLAN, or on an interface
The maximum rate and rate limiting duration of ARP packets can be set globally, in a VLAN, or on an interface. The configurations set in the interface view take precedence over those set in the VLAN view, and those set in the VLAN view take precedence over those set in the system view.
In addition, the duration for blocking ARP packets can be set on an interface. The device then discards ARP packets that exceed the permitted maximum number of ARP packets within the rate limiting duration, and discards all ARP packets received within the duration specified for blocking ARP packets.
Limiting the rate of ARP packets globally: limits all received ARP packets.
Limiting the rate of ARP packets in a VLAN: limits the number of ARP packets to be processed on all interfaces in a VLAN. The configuration in a VLAN does not affect ARP entry learning on interfaces in other VLANs.
Limiting the rate of ARP packets on an interface: limits the number of ARP packets processed on an interface. The configuration on an interface does not affect ARP entry learning on other interfaces.