R211x-HP Flexfabric 11900 Security Configuration Guide

219
Configuring ARP packet rate limit
The ARP packet rate limit feature allows you to limit the rate at which ARP packets are delivered to the CPU.
For example, if an attacker sends a large number of ARP packets to a device with ARP detection enabled, the
device CPU becomes overloaded because all ARP packets are redirected to the CPU for inspection. As a result,
the device fails to provide other functions or even crashes. To solve this problem, you can configure ARP
packet rate limit.
Configuration guidelines
Configure this feature when ARP detection or ARP snooping is enabled, or when ARP flood attacks are detected.
Configuration procedure
This task sets a rate limit for ARP packets received on an interface. When the receiving rate of ARP
packets on the interface exceeds the rate limit, the excess packets are discarded. You can enable sending
notifications to the SNMP module or enable logging for ARP packet rate limit. If notification sending
is enabled for these events, you must use the snmp-agent target-host command to set the notification type and
target host. For more information about notifications, see Network Management and Monitoring Command
Reference.
To configure ARP packet rate limit:
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. (Optional.) Enable notification sending for ARP.
    Command: snmp-agent trap enable arp [ rate-limit ]
    Remarks: By default, notification sending for ARP is disabled.
Step 3. (Optional.) Enable logging for ARP packet rate limit.
    Command: arp rate-limit log enable
    Remarks: By default, logging for ARP packet rate limit is disabled.
Step 4. (Optional.) Set the notification and log message sending interval.
    Command: arp rate-limit log interval seconds
    Remarks: By default, the device sends notifications and log messages at an interval of 60 seconds.
Step 5. Enter Layer 2 Ethernet interface view.
    Command: interface interface-type interface-number
    Remarks: N/A
Step 6. Enable ARP packet rate limit and configure the rate limit.
    Command: arp rate-limit [ pps ]
    Remarks: By default, ARP packet rate limit is enabled, and the rate limit is 100 pps.
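The following CLI session is an added example that walks through the six steps above on one access interface; it is not taken from the guide. The system name Sysname, the interface name Ten-GigabitEthernet 1/0/1, the SNMP target host 192.0.2.10 with security name nms-ro, and the 50 pps limit are assumptions chosen for illustration. The interval of 60 seconds is the default stated in the table and is entered only to show the command form. The exact snmp-agent target-host syntax is also an assumption; confirm it in the Network Management and Monitoring Command Reference before use.

```text
<Sysname> system-view
[Sysname] snmp-agent trap enable arp rate-limit
[Sysname] arp rate-limit log enable
[Sysname] arp rate-limit log interval 60
# Assumed target-host form and address: notifications go to the NMS at 192.0.2.10.
[Sysname] snmp-agent target-host trap address udp-domain 192.0.2.10 params securityname nms-ro v2c
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] arp rate-limit 50
[Sysname-Ten-GigabitEthernet1/0/1] quit
[Sysname] quit
```

The lines beginning with # are annotations for the reader, not commands. Only the interface entered in step 5 receives the tighter 50 pps limit; every other interface keeps the default of 100 pps, so apply step 6 on each edge port where ARP detection or ARP snooping runs and where ARP flooding is expected to arrive.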
Configuring source MAC-based ARP attack
detection
This feature checks the number of ARP packets received from the same MAC address within 5 seconds
against a specific threshold. If the threshold is exceeded, the device adds the MAC address to an ARP
attack entry. Before the entry ages out, the device handles the attack by using either of the following
methods: