Displaying And Maintaining Arp Defense Against Ip Packet Attacks; Configuring Arp Packet Rate Limit; Introduction; Configuration Procedure - HP 12500 Series Configuration Manual

Displaying and maintaining ARP defense against IP packet
attacks
Task
Display the ARP source suppression
configuration information.

Configuring ARP packet rate limit

Introduction

The ARP packet rate limit feature allows you to limit the rate of ARP packets to be delivered to the CPU
on a switch. For example, if an attacker sends a large number of ARP packets to an ARP detection
enabled switch, the CPU of the switch may become overloaded because all the ARP packets are
redirected to the CPU for checking. As a result, the switch fails to deliver other functions properly or even
crashes. To solve this problem, you can configure ARP packet rate limit.
HP recommends that you configure this feature after the ARP detection feature is configured, or use this
feature to prevent ARP flood attacks.

Configuration procedure

To configure ARP packet rate limit:
Step
1. Enter system view.
2. Enter Layer 2 Ethernet
interface/Layer
aggregate interface view.
3. Configure ARP packet rate
limit.
Configuring source MAC address based ARP
attack detection
This feature checks the number of ARP packets received from the same MAC address within 5 seconds
against a specific threshold. If the threshold is exceeded, the device adds the MAC address in an ARP
attack entry. Before the entry is aged out, the device handles the attack by using either of the following
methods:
Monitor—Only generates log messages.
•
Filter—Generates log messages and filters out subsequent ARP packets from that MAC address.
•
Command
display arp source-suppression
[ | { begin | exclude | include }
regular-expression ]
Command
system-view
interface interface-type
2
interface-number
arp rate-limit { disable | rate
pps drop }
267
Remarks
Available in any view.
Remarks
N/A
N/A
By default, ARP packet rate limit is
disabled and ranges from 10 to 5000.