Why sometimes the return rate is 5 pps when ARP request packets containing the same source IP address are sent

7

The router sets the rate limit for ARP packets containing the same source IP address to a default value 5 pps to prevent ARP attacks.

Other related questions:
After I send ARP Request packets with the same source IP address, why do I sometimes receive response packets only at the rate of five packets per second
By default, AR series routers limit the rate of Address Resolution Protocol (ARP) packets with the same source IP address to prevent ARP attacks. The default rate limit is 5 packets per second.

Do S series switches support rate limiting based on IP addresses
S series switches (except S1700 switches) do not support rate limiting based on IP addresses.

What are the causes for ARP request packet attacks on S series
For S series switcheses (except S1700 switches): This problem may be caused by intranet computer viruses or special software. If services are normal, no action is required. If services are faulty, locate faults based on symptoms. For example, you can configure attack source tracing on the switch to search for the attack source before implementing further operations.

For S series switches, what ARP attack defense methods can be used on packets with the same source IP address
For S series switches: If excessive protocol packets are sent to the CPU, the CPU may be overloaded. Therefore, the switch limits the rate of ARP packets sent to the CPU and has default attack defense policies configured. To view ARP attack defense methods, run the display arp anti-attack configuration all command.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top