1-3Enabling ARP Black Hole RoutingFollow these steps to configure ARP black hole routing:To do… Use the command… RemarksEnter system view system-view —Enable ARP black hole routing arp resolving-route enable OptionalEnabled by defaultDisplaying and Maintaining ARP Source SuppressionTo do… Use the command… RemarksDisplay the ARP source suppressionconfiguration information display arp source-suppression Available in any viewConfiguring ARP Packet Rate LimitIntroductionThis feature allows you to limit the rate of ARP packets to be delivered to the CPU. For example, if anattacker sends a large number of ARP packets to an ARP detection enabled device, the CPU of thedevice may become overloaded because all the ARP packets are redirected to the CPU for checking.As a result, the device fails to deliver other functions properly or even crashes. To prevent this, you needto configure ARP packet rate limit.It is recommended that you enable this feature after the ARP detection is configured, or use this featureto prevent ARP flood attacks.Configuration ProcedureFollow these steps to configure ARP packet rate limit:To do… Use the command… RemarksEnter system view system-view —Enter Ethernet interfaceviewinterface interface-typeinterface-number —Configure ARP packet ratelimitarp rate-limit { disable |rate pps drop }RequiredBy default, the ARP packet rate limitis enabled and is 100 pps.Configuring Source MAC Address Based ARP Attack DetectionIntroductionThis feature allows the device to check the source MAC address of ARP packets. If the number of ARPpackets sent from a MAC address within five seconds exceeds the specified value, the deviceconsiders this an attack and adds the MAC address to the attack detection table. Before the attack