2-4A protected MAC address is no longer excluded from detection after the specified aging time expires.Configuring ARP Packet Source MAC Address Consistency CheckIntroduction to ARP Packet Source MAC Address Consistency CheckThis feature enables a gateway device to filter out ARP packets with the source MAC address in theEthernet header different from the sender MAC address in the ARP message, so that the gatewaydevice can learn correct ARP entries.Configuring ARP Packet Source MAC Address Consistency CheckFollow these steps to enable ARP packet source MAC address consistency check:To do… Use the command… RemarksEnter system view system-view —Enable ARP packet source MACaddress consistency checkarp anti-attack valid-checkenableRequiredDisabled by default.Configuring ARP Packet Rate LimitIntroduction to ARP Packet Rate LimitThis feature allows you to limit the rate of ARP packets to be delivered to the CPU. For example, if anattacker sends a large number of ARP packets to an ARP detection enabled device, the CPU of thedevice may become overloaded because all the ARP packets are redirected to the CPU for checking.As a result, the device cannot deliver other functions properly or even crashes. To prevent it, you needto enable ARP packet rate limit.You can enable this feature after ARP detection is configured, or to prevent ARP flood attacks.Configuring the ARP Packet Rate Limit FunctionFollow these steps to configure ARP packet rate limit in Ethernet interface view:To do… Use the command… RemarksEnter system view system-view —Enter Ethernet interface view interface interface-type interface-number —Configure ARP packet rate limit arp rate-limit { disable | rate pps drop } RequiredDisabled by default.