1-3Configuring ARP Source SuppressionFollow these steps to configure ARP source suppression:To do… Use the command… RemarksEnter system view system-view —Enable ARP source suppression arp source-suppressionenableRequiredDisabled by default.Set the maximum number of packets with thesame source IP address but unresolvabledestination IP addresses that the device canreceive in five consecutive secondsarp source-suppressionlimit limit-valueOptional10 by default.Enabling ARP Black Hole RoutingFollow these steps to configure ARP black hole routing:To do… Use the command… RemarksEnter system view system-view —Enable ARP black hole routing arp resolving-route enable OptionalEnabled by defaultDisplaying and Maintaining ARP Defense Against IP Packet AttacksTo do… Use the command… RemarksDisplay the ARP source suppressionconfiguration informationdisplay arpsource-suppression Available in any viewConfiguring ARP Packet Rate LimitIntroductionThis feature allows you to limit the rate of ARP packets to be delivered to the CPU. For example, if anattacker sends a large number of ARP packets to an ARP detection enabled device, the CPU of thedevice may become overloaded because all the ARP packets are redirected to the CPU for checking.As a result, the device fails to deliver other functions properly or even crashes. To prevent this, youneed to configure ARP packet rate limit.It is recommended that you enable this feature after the ARP detection, ARP snooping, or MFF featureis configured, or use this feature to prevent ARP flood attacks.Configuration ProcedureFollow these steps to configure ARP packet rate limit:To do… Use the command… RemarksEnter system view system-view —
