2-8To do… Use the command… RemarksEnter Ethernet port view interface interface-typeinterface-number —Enable the ARP packet ratelimit function arp rate-limit enableRequiredBy default, the ARP packet ratelimit function is disabled on aport.Configure the maximum ARPpacket rate allowed on the port arp rate-limit rateOptionalBy default, the maximum ARPpacket rate allowed on a port is15 pps.Quit to system view quit —Enable the port stateauto-recovery functionarp protective-down recoverenableOptionalDisabled by default.Configure the port stateauto-recovery intervalarp protective-down recoverinterval intervalOptionalBy default, when the port stateauto-recovery function isenabled, the port stateauto-recovery interval is 300seconds.z You need to enable the port state auto-recovery feature before you can configure the port stateauto-recovery interval.z You are not recommended to configure the ARP packet rate limit function on the ports of a fabric oran aggregation group.ARP Attack Defense Configuration ExampleARP Attack Defense Configuration Example INetwork requirementsAs shown in Figure 2-3, Ethernet 1/0/1 of Switch A connects to DHCP Server; Ethernet 1/0/2 connectsto Client A, Ethernet 1/0/3 connects to Client B. Ethernet 1/0/1, Ethernet 1/0/2 and Ethernet 1/0/3belong to VLAN 1.z Enable DHCP snooping on Switch A and specify Ethernet 1/0/1 as the DHCP snooping trustedport.z Enable ARP attack detection in VLAN 1 to prevent ARP man-in-the-middle attacks, and specifyEthernet 1/0/1 as the ARP trusted port.z Enable the ARP packet rate limit function on Ethernet 1/0/2 and Ethernet 1/0/3 of Switch A, so as toprevent Client A and Client B from attacking Switch A through ARP traffic.z Enable the port state auto recovery function on the ports of Switch A, and set the recovery intervalto 200 seconds.