ARP rate limiting

Created: Sep 16, 2020 09:03:52 | Latest reply: Sep 16, 2020 09:04:20 (problem resolved)

Hello all,

I'd like to configure ARP rate limiting on the S5720 switch.

From the documentation, the arp anti-attack rate-limit command can be used to set the maximum rate and rate limiting duration of ARP packets globally, in a VLAN, or on an interface, and enables the function of discarding all ARP packets received from the interface when the rate of ARP packets exceeds the limit on an interface.

However, this command takes effect only on ARP packets sent to the CPU for processing in none-block mode, and does not affect ARP packet forwarding by the chip. In block mode, the device discards subsequent ARP packets on an interface only when the number of ARP packets sent to the CPU exceeds the limit.

Is there a command that can limit the rate of ARP packet forwarding by the chip (switch)? For example, if the gateway is on the aggregation switch (router), how can I limit the rate of ARP packets sent from users to the aggregation device on the access switch?

Thanks.

Best answer

Popeye_Wang (Admin), created Sep 16, 2020 09:04:20

Hello,

You can use a Layer 2 ACL to match ARP packets and configure MQC to limit the rate.

For example:

#
acl 4001
 rule permit l2-protocol arp
#
traffic classifier c1
 if-match acl 4001
#
traffic behavior b1
 car cir 100 pir 100 cbs 18800 pbs 31300 share green pass yellow pass red discard
#
traffic policy p1
 classifier c1 behavior b1
#
interface gigabitethernet 0/0/1
 traffic-policy p1 inbound
#


However, in this case, the disadvantage is that the policy needs to be applied to the inbound direction of the desired interface. Before configuring the traffic policy, ensure that no other traffic policy is applied to the interface.
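
What the car line in the answer above works out to in ARP frames per second, as an added example that is not part of the original post or Huawei's code: a Python model of a two-rate three-colour marker (RFC 2698) fed with the posted values. It assumes cir/pir are in kbit/s, cbs/pbs are in bytes, ARP frames are counted as 64 bytes without preamble or inter-frame gap, and that the switch's CAR behaves like the RFC marker; the class and function names are hypothetical.

```python
# Added example: RFC 2698 two-rate three-colour marker, colour-blind mode.
# Assumed units: cir/pir in kbit/s, cbs/pbs in bytes; 64-byte ARP frames.

ARP_FRAME_BYTES = 64  # assumption: minimum Ethernet frame, no preamble/IFG


class TwoRateCar:
    def __init__(self, cir_kbps, pir_kbps, cbs, pbs):
        self.cir = cir_kbps * 1000 / 8   # bytes per second
        self.pir = pir_kbps * 1000 / 8
        self.cbs, self.pbs = cbs, pbs
        self.tc, self.tp = float(cbs), float(pbs)  # buckets start full
        self.last = 0.0

    def colour(self, now, size):
        """Refill both buckets for the elapsed time, then mark one frame."""
        elapsed = now - self.last
        self.last = now
        self.tc = min(self.cbs, self.tc + elapsed * self.cir)
        self.tp = min(self.pbs, self.tp + elapsed * self.pir)
        if self.tp < size:
            return "red"      # above PIR: "red discard"
        self.tp -= size
        if self.tc < size:
            return "yellow"   # above CIR, within PIR: "yellow pass"
        self.tc -= size
        return "green"        # within CIR: "green pass"


def simulate(pps, seconds, car):
    """Offer a constant ARP rate; return the passed-frame count per second."""
    passed = [0] * seconds
    for i in range(pps * seconds):
        now = i / pps
        if car.colour(now, ARP_FRAME_BYTES) != "red":  # green and yellow pass
            passed[int(now)] += 1
    return passed


def run_page_values(pps=2000, seconds=5):
    """Constructed input: a steady 2000 ARP frames/s on one interface."""
    return simulate(pps, seconds, TwoRateCar(100, 100, 18800, 31300))


if __name__ == "__main__":
    for sec, n in enumerate(run_page_values()):
        print(f"second {sec}: {n} of 2000 ARP frames passed")
```

Under these assumptions the policy lets an initial burst of several hundred frames through and then settles at roughly 195 ARP frames per second on the interface, which is the figure to compare against the legitimate ARP load of the hosts behind that port.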
