Operation Manual – ARPH3C S7500 Series Ethernet Switches Chapter 1 ARP Configuration1-6Note:z Generally, ports in the same VLAN are interconnected at Layer 2 by default. So,proxy ARP only processes inter-VLAN ARP requests and does not deal withintra-VLAN ARP requests.z When isolate-user-vlan function is enabled on the Layer 2 switches connected withthe S7500, ports in the same VLAN are isolated with each other at Layer 2. Toprovide Layer 3 connectivity between Layer 2 isolated ports in the same VLAN, youneed to enable the intra-VLAN proxy ARP on the S7500 to have proxy ARP processintra-VLAN ARP requests.1.1.8 Introduction to ARP Source SuppressionWith the ARP source suppression function, the switch classifies incoming ARP packetsand limits the maximum number of ARP packets with the same type that can be sent tothe CPU in a time of time, so as to protect the CPU from being attacked by illegal ARPpackets generated by ARP scanning of a host to the whole network.An S7500 series switch classifies incoming ARP packets into the following types:z Arbitrary ARP packets, whose source/destination IP addresses are notdistinguishedz Pass-through ARP packets, whose source IP addresses are the same one anddestination IP addresses are not the IP address of the current switchz Locally-terminated ARP packets, whose source IP addresses are the same oneand destination addresses are the IP address of the current switch.For each type, you can set the maximum number of ARP packets that can be sent tothe CPU in a unit of time on the switch. When the number of ARP packets received in aunit of time exceeds the corresponding setting, the switch will regard the exceedingones as illegal ARP packets and discard them.1.2 Configuring ARPARP entries in an S7500 series Ethernet switch falls into two types: static and dynamic,as described in Table 1-4.Table 1-4 ARP entryARP entry Generation method Maintenance methodStatic ARP entry Manually configured Manual maintenanceDynamic ARPentry Dynamically generated A dynamic ARP entry ages out whenARP aging timer expires.