H3C S5120-SI Series Configuration manual

H3C S5120-SI Series Ethernet Switches
Layer 3 IP Services Configuration Guide
Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com
Copyright © 2003-2010, Hangzhou H3C Technologies Co., Ltd. and its licensors
All Rights Reserved
No part of this manual may be reproduced or transmitted in any form or by any means without prior
written consent of Hangzhou H3C Technologies Co., Ltd.
Trademarks
H3C, Aolynk, H3Care, TOP G, IRF, NetPilot, Neocean, NeoVTL, SecPro, SecPoint, SecEngine, SecPath,
Comware, Secware, Storware, NQA, VVG, V2G, VnG, PSPT, XGbus, N-Bus, TiGem, InnoVision and HUASAN
are trademarks of Hangzhou H3C Technologies Co., Ltd.
All other trademarks that may be mentioned in this manual are the property of their respective owners.
Notice
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Environmental Protection
This product has been designed to comply with the requirements on environmental protection. The
storage, use, and disposal of this product must meet the applicable national laws and regulations.
Preface
The H3C S5120-SI documentation set includes 13 configuration guides, which describe the software
features for the H3C S5120-SI Series Ethernet Switches and guide you through the software configuration
procedures. These configuration guides also provide configuration examples to help you apply software
features to different network scenarios.
This preface includes:
Audience
Conventions
About the H3C S5120-SI Documentation Set
Obtaining Documentation
Documentation Feedback
Audience
This documentation is intended for:
Network planners
Field technical support and servicing engineers
Network administrators working with the S5120-SI series
Conventions
This section describes the conventions used in this documentation set.
Command conventions
Convention Description
Boldface Bold text represents commands and keywords that you enter literally as shown.
italic Italic text represents arguments that you replace with actual values.
[ ] Square brackets enclose syntax choices (keywords or arguments) that are optional.
{ x | y | ... } Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
[ x | y | ... ] Square brackets enclose a set of optional syntax choices separated by vertical bars, from which you select one or none.
{ x | y | ... } * Asterisk marked braces enclose a set of required syntax choices separated by vertical bars, from which you select at least one.
[ x | y | ... ] * Asterisk marked square brackets enclose optional syntax choices separated by vertical bars, from which you may select multiple choices or none.
&<1-n> The argument or keyword and argument combination before the ampersand (&) sign can be entered 1 to n times.
# A line that starts with a pound (#) sign is a comment.
GUI conventions
Convention Description
< > Button names are inside angle brackets. For example, click <OK>.
[ ] Window names, menu items, data table and field names are inside square brackets. For example, pop up the [New User] window.
/ Multi-level menus are separated by forward slashes. For example, [File/Create/Folder].
Symbols
Convention Description
Means reader be extremely careful. Improper operation may cause bodily injury.
Means reader be careful. Improper operation may cause data loss or damage to equipment.
Means an action or information that needs special attention to ensure successful configuration or good performance.
Means a complementary description.
Means techniques helpful for you to make configuration with ease.
Network topology icons
Convention Description
Represents a generic network device, such as a router, switch, or firewall.
Represents a routing-capable device, such as a router or Layer 3 switch.
Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
About the H3C S5120-SI documentation set
| Category | Documents | Purposes |
| --- | --- | --- |
| Product description and specifications | Marketing brochures | Describe product specifications and benefits. |
| Product description and specifications | Technology white papers | Provide an in-depth description of software features and technologies. |
| Product description and specifications | Card datasheets | Describe card specifications, features, and standards. |
| Hardware specifications and installation | Compliance and safety manual | Provides regulatory information and the safety instructions that must be followed during installation. |
| Hardware specifications and installation | Quick start | Guides you through initial installation and setup procedures to help you quickly set up and use your device with the minimum configuration. |
| Hardware specifications and installation | Installation guide | Provides a complete guide to hardware installation and hardware specifications. |
| Hardware specifications and installation | Card manuals | Provide the hardware specifications of cards. |
| Hardware specifications and installation | H3C Cabinet Installation and Remodel Introduction | Guides you through installing and remodeling H3C cabinets. |
| Hardware specifications and installation | H3C Pluggable SFP [SFP+][XFP] Transceiver Modules Installation Guide | Guides you through installing SFP/SFP+/XFP transceiver modules. |
| Hardware specifications and installation | Adjustable Slider Rail Installation Guide | Guides you through installing adjustable slider rails to a rack. |
| Hardware specifications and installation | H3C High-End Network Products Hot-Swappable Module Manual | Describes the hot-swappable modules available for the H3C high-end network products, their external views, and specifications. |
| Software configuration | Configuration guides | Describe software features and configuration procedures. |
| Software configuration | Command references | Provide a quick reference to all available commands. |
| Software configuration | Configuration examples | Describe typical network scenarios and provide configuration examples and instructions. |
| Operations and maintenance | System log messages | Explains the system log messages. |
| Operations and maintenance | Trap messages | Explains the trap messages. |
| Operations and maintenance | MIB Companion | Describes the MIBs for the software release. |
| Operations and maintenance | Release notes | Provide information about the product release, including the version history, hardware and software compatibility matrix, version upgrade information, technical support information, and software upgrading. |
| Operations and maintenance | Error code reference | Explains the error codes. |
Obtaining documentation
You can access the most up-to-date H3C product documentation on the World Wide Web at
http://www.h3c.com.
Click the links on the top navigation bar to obtain different categories of product documentation:
[Technical Support & Documents > Technical Documents] – Provides hardware installation, software
upgrading, and software feature configuration and maintenance documentation.
[Products & Solutions] – Provides information about products and technologies, as well as solutions.
[Technical Support & Documents > Software Download] – Provides the documentation released with the
software version.
Documentation feedback
You can e-mail your comments about product documentation to info@h3c.com.
We appreciate your comments.
Table of Contents
Preface
Audience
Conventions
About the H3C S5120-SI documentation set
ARP configuration
ARP overview
ARP function
ARP message format
ARP address resolution process
ARP table
Configuring ARP
Configuring a static ARP entry
Configuring the maximum number of ARP entries for an interface
Setting the aging time for dynamic ARP entries
Enabling ARP entry check
ARP configuration example
Configuring gratuitous ARP
Introduction to gratuitous ARP
Configuring gratuitous ARP
Displaying and maintaining ARP
ARP attack defense configuration
Configuring ARP active acknowledgement
Introduction
Configuring ARP active acknowledgement
Configuring source MAC address based ARP attack detection
Introduction
Configuration procedure
Displaying and maintaining source MAC address based ARP attack detection
Configuring ARP packet rate limit
Introduction
Configuring the ARP packet rate limit function
Configuring ARP detection
Introduction to ARP detection
Enabling ARP detection based on DHCP snooping entries/802.1X security entries/static IP-to-MAC bindings
Configuring ARP detection based on specified objects
Displaying and maintaining ARP detection
ARP detection configuration example I
ARP detection configuration example II
Configuring periodic sending of gratuitous ARP packets
Introduction
Configuration procedure
IP addressing configuration
IP addressing overview
IP address classes
Special IP addresses
Subnetting and masking
Configuring IP addresses
Assigning an IP address to an interface
Displaying and maintaining IP addressing
DHCP relay agent configuration
Introduction to DHCP relay agent
Application environment
Fundamentals
DHCP relay agent support for Option 82
Configuring the DHCP relay agent
Enabling DHCP
Enabling DHCP relay agent on an interface
Correlating a DHCP server group with a relay agent interface
Configuring the DHCP relay agent security functions
Using the DHCP relay agent to send a DHCP-release request
Configuring the DHCP relay agent to support Option 82
Displaying and maintaining DHCP relay agent configuration
DHCP relay agent configuration examples
DHCP relay agent configuration example
DHCP relay agent Option 82 support configuration example
Troubleshooting DHCP relay agent configuration
DHCP client configuration
Introduction to DHCP client
Enabling the DHCP client on an interface
Displaying and maintaining the DHCP client
DHCP client configuration example
DHCP snooping configuration
DHCP snooping overview
Function of DHCP snooping
Application environment of trusted ports
DHCP snooping support for Option 82
Configuring DHCP snooping basic functions
Configuring DHCP snooping to support Option 82
Prerequisites
Configuring DHCP snooping to support Option 82
Displaying and maintaining DHCP snooping
DHCP snooping configuration examples
DHCP snooping configuration example
DHCP snooping Option 82 support configuration example
BOOTP client configuration
Introduction to BOOTP client
BOOTP application
Obtaining an IP address dynamically
Protocols and standards
Configuring an interface to dynamically obtain an IP address through BOOTP
Displaying and maintaining BOOTP client configuration
BOOTP client configuration example
IP performance optimization configuration
IP performance optimization overview
Enabling reception and forwarding of directed broadcasts to a directly connected network
Enabling reception of directed broadcasts to a directly connected network
Enabling forwarding of directed broadcasts to a directly connected network
Configuring TCP attributes
Enabling the SYN Cookie feature
Enabling protection against Naptha attacks
Configuring TCP optional parameters
Configuring ICMP to send error packets
Displaying and maintaining IP performance optimization
Obtaining support for your product
Register your product
Purchase value-added services
Troubleshoot online
Access software downloads
Telephone technical support and repair
Contact us
Acronyms
Index
ARP configuration
ARP overview
ARP function
ARP is used to resolve an IP address into a physical address, such as an Ethernet MAC address.
In an Ethernet LAN, when a device sends data to another device, it uses ARP to translate the destination
IP address to the corresponding MAC address.
ARP message format
ARP messages include ARP requests and ARP replies. Figure 1 shows the ARP message format.
Figure 1 ARP message format
The following explains the fields in Figure 1.
Hardware type: This field specifies the hardware address type. The value “1” represents Ethernet.
Protocol type: This field specifies the type of the protocol address to be mapped. The hexadecimal
value 0x0800 represents IP.
Hardware address length and protocol address length: They respectively specify the length of a
hardware address and a protocol address, in bytes. For an Ethernet address, the value of the
hardware address length field is “6”. For an IP(v4) address, the value of the protocol address length
field is “4”.
OP: Operation code. This field specifies the type of ARP message. The value “1” represents an ARP
request and “2” represents an ARP reply.
Sender hardware address: This field specifies the hardware address of the device sending the
message.
Sender protocol address: This field specifies the protocol address of the device sending the message.
Target hardware address: This field specifies the hardware address of the device the message is
being sent to.
Target protocol address: This field specifies the protocol address of the device the message is being
sent to.
ARP address resolution process
Suppose that Host A and Host B are on the same subnet and Host A sends a packet to Host B, as shown
in Figure 2. The resolution process is as follows:
1. Host A looks into its ARP table to see whether there is an ARP entry for Host B. If yes, Host A uses
the MAC address in the entry to encapsulate the IP packet into a data link layer frame and sends
the frame to Host B.
2. If Host A finds no entry for Host B, Host A buffers the packet and broadcasts an ARP request, in
which the sender IP address and the sender MAC address are the IP address and the MAC address
of Host A respectively, and the target IP address and the target MAC address are the IP address of
Host B and an all-zero MAC address respectively. Because the ARP request is a broadcast, all hosts
on this subnet can receive the request, but only the requested host (namely, Host B) will respond to
the request.
3. Host B compares its own IP address with the destination IP address in the ARP request. If they are
the same, Host B saves the source IP address and source MAC address in its ARP table,
encapsulates its MAC address into an ARP reply, and unicasts the reply to Host A.
4. After receiving the ARP reply, Host A adds the MAC address of Host B to its ARP table. Meanwhile,
Host A encapsulates the IP packet and sends it out.
Figure 2 ARP address resolution process
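The message format and the same-subnet exchange described above, as an added Python example that is not part of the H3C guide: it packs and validates the ARP fields listed for Figure 1 and runs steps 2 to 4 between Host A and Host B. The host addresses and the function names are constructed for illustration.

```python
import ipaddress
import struct

# Fixed layout for Ethernet + IPv4: hardware type, protocol type, hardware
# address length, protocol address length, OP, then sender/target addresses.
ARP_LAYOUT = struct.Struct("!HHBBH6s4s6s4s")   # 28 bytes
HW_ETHERNET, PROTO_IP = 1, 0x0800
OP_REQUEST, OP_REPLY = 1, 2
ZERO_MAC = "0000-0000-0000"


def mac_bytes(mac):
    """Convert a MAC written as 00e0-fc01-0000 (or with ':') to 6 bytes."""
    digits = mac.replace("-", "").replace(":", "")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return bytes.fromhex(digits)


def mac_text(raw):
    """Format 6 bytes in the xxxx-xxxx-xxxx notation used in this guide."""
    digits = raw.hex()
    return "-".join(digits[i:i + 4] for i in (0, 4, 8))


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Pack one ARP message for Ethernet/IPv4."""
    return ARP_LAYOUT.pack(
        HW_ETHERNET, PROTO_IP, 6, 4, op,
        mac_bytes(sender_mac), ipaddress.IPv4Address(sender_ip).packed,
        mac_bytes(target_mac), ipaddress.IPv4Address(target_ip).packed)


def parse_arp(payload):
    """Decode an ARP payload and reject values the field list does not allow."""
    if len(payload) < ARP_LAYOUT.size:
        raise ValueError("truncated ARP message")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = ARP_LAYOUT.unpack(
        payload[:ARP_LAYOUT.size])
    if (htype, ptype) != (HW_ETHERNET, PROTO_IP):
        raise ValueError("not Ethernet/IP")
    if (hlen, plen) != (6, 4):
        raise ValueError("unexpected address lengths")
    if op not in (OP_REQUEST, OP_REPLY):
        raise ValueError(f"unknown OP {op}")
    return {
        "op": op,
        "sender_mac": mac_text(sha), "sender_ip": str(ipaddress.IPv4Address(spa)),
        "target_mac": mac_text(tha), "target_ip": str(ipaddress.IPv4Address(tpa)),
    }


def answer_request(payload, my_ip, my_mac, arp_table):
    """Step 3: the host that owns the target IP learns the sender and replies."""
    msg = parse_arp(payload)
    if msg["op"] != OP_REQUEST or msg["target_ip"] != my_ip:
        return None                      # every other host stays silent
    arp_table[msg["sender_ip"]] = msg["sender_mac"]
    return build_arp(OP_REPLY, my_mac, my_ip, msg["sender_mac"], msg["sender_ip"])


def resolve(a, b, bystander):
    """Run steps 2-4 between Host A and Host B; hosts are (ip, mac, table)."""
    a_ip, a_mac, a_table = a
    request = build_arp(OP_REQUEST, a_mac, a_ip, ZERO_MAC, b[0])
    replies = [answer_request(request, ip, mac, table)   # broadcast: all hosts see it
               for ip, mac, table in (b, bystander)]
    for reply in filter(None, replies):
        msg = parse_arp(reply)
        if msg["op"] == OP_REPLY and msg["target_ip"] == a_ip:
            a_table[msg["sender_ip"]] = msg["sender_mac"]   # step 4
    return request, replies


# Constructed sample hosts (addresses are not from the guide).
HOST_A = ("192.168.1.10", "00e0-fc00-000a", {})
HOST_B = ("192.168.1.20", "00e0-fc00-000b", {})
HOST_C = ("192.168.1.30", "00e0-fc00-000c", {})

if __name__ == "__main__":
    request, replies = resolve(HOST_A, HOST_B, HOST_C)
    print(parse_arp(request))
    print(HOST_A[2], HOST_B[2], HOST_C[2])
```

Both hosts store whatever sender addresses a message claims, because no field in the format authenticates them; the static ARP entries described in the next section pin a mapping so that it cannot be changed this way.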
If Host A and Host B are not on the same subnet:
1. Host A first sends an ARP request to the gateway. The destination IP address in the ARP request is
the IP address of the gateway.
2. After obtaining the MAC address of the gateway from an ARP reply, Host A sends the packet to the
gateway.
3. If the gateway maintains the ARP entry of Host B, it forwards the packet to Host B directly; if not, it
broadcasts an ARP request, in which the target IP address is the IP address of Host B.
4. After obtaining the MAC address of Host B, the gateway sends the packet to Host B.
ARP table
After obtaining the MAC address for the destination host, the device puts the IP-to-MAC mapping into its
own ARP table. This mapping is used for forwarding packets with the same destination in future.
An ARP table contains ARP entries, which fall into one of two categories: dynamic or static.
Dynamic ARP entry
A dynamic entry is automatically created and maintained by ARP. It can get aged, be updated by a new
ARP packet, or be overwritten by a static ARP entry. When the aging timer expires or the interface goes
down, the corresponding dynamic ARP entry will be removed.
Static ARP entry
A static ARP entry is manually configured and maintained. It does not age out and cannot be overwritten
by a dynamic ARP entry.
Using static ARP entries enhances communication security. You can configure a static ARP entry to restrict
an IP address to communicate with the specified MAC address only. After that, attack packets cannot
modify the IP-to-MAC mapping specified in the static ARP entry, so communications between the
protected device and the specified device are ensured.
Static ARP entries can be classified into permanent or non-permanent.
A permanent static ARP entry can be directly used to forward packets. When configuring a
permanent static ARP entry, you must configure a VLAN and an outbound interface for the entry
besides the IP address and the MAC address.
A non-permanent static ARP entry has only an IP address and a MAC address configured. It cannot
be directly used for forwarding data. If a non-permanent static ARP entry matches an IP packet to be
forwarded, the device sends an ARP request first. If the sender IP and MAC addresses in the
received ARP reply are the same as those in the non-permanent static ARP entry, the device adds the
interface receiving the ARP reply to the non-permanent static ARP entry. Then the entry can be used
for forwarding IP packets.
Usually ARP dynamically resolves IP addresses to MAC addresses, without manual intervention.
Configuring ARP
Configuring a static ARP entry
A static ARP entry is effective when the device works normally. However, when a VLAN or VLAN interface
to which a static ARP entry corresponds is deleted, the entry, if permanent, will be deleted, and if
non-permanent and resolved, will become unresolved.
To configure a static ARP entry:
| To do… | Use the command… | Remarks |
| --- | --- | --- |
| 1. Enter system view | system-view | |
| 2. Configure a permanent static ARP entry | arp static ip-address mac-address vlan-id interface-type interface-number | Required. No permanent static ARP entry is configured by default. |
| 3. Configure a non-permanent static ARP entry | arp static ip-address mac-address | Required. No non-permanent static ARP entry is configured by default. |
The vlan-id argument must be the ID of an existing VLAN which corresponds to the ARP entries. In addition, the
Ethernet interface following the argument must belong to that VLAN. A VLAN interface must be created for the
VLAN.
The IP address of the VLAN interface corresponding to the vlan-id argument must belong to the same network
segment as the IP address specified by the ip-address argument.
Configuring the maximum number of ARP entries for an interface
To set the maximum number of dynamic ARP entries that an interface can learn:
| To do… | Use the command… | Remarks |
| --- | --- | --- |
| 1. Enter system view | system-view | |
| 2. Enter Ethernet interface view | interface interface-type interface-number | |
| 3. Set the maximum number of dynamic ARP entries that an interface can learn | arp max-learning-num number | Optional. Default: 256 |
Setting the aging time for dynamic ARP entries
To keep pace with network changes, each dynamic ARP entry in the ARP table has a limited lifetime,
called its aging time. The aging time is reset each time the dynamic ARP entry is used. Dynamic ARP
entries that are not refreshed before their aging time expires are deleted from the ARP table. You can
adjust the aging time for dynamic ARP entries.
To set the aging time for dynamic ARP entries:
1. Enter system view
   Command: system-view
2. Set the aging time for dynamic ARP entries
   Command: arp timer aging aging-time
   Remarks: Optional. 20 minutes by default.
Enabling ARP entry check
The ARP entry check function controls whether the switch can learn multicast MAC addresses.
When ARP entry check is enabled, the switch cannot learn any ARP entry with a multicast MAC
address, and you are not allowed to configure a static ARP entry with a multicast MAC address. If
you try, the system displays an error message.
When ARP entry check is disabled, the switch can learn, and you can configure, static ARP entries
with multicast MAC addresses.
To enable ARP entry check:
1. Enter system view
   Command: system-view
2. Enable the ARP entry check
   Command: arp check enable
   Remarks: Optional. Enabled by default; that is, by default the switch cannot learn multicast MAC addresses.
ARP configuration example
Network requirements
As shown in Figure 3, hosts are connected to Switch, which is connected to Router through interface
GigabitEthernet1/0/1 belonging to VLAN 10. The IP address of Router is 192.168.1.1/24. The MAC
address of Router is 00e0-fc01-0000.
To enhance communication security for Router and Switch, static ARP entries are configured on Switch.
Figure 3 Network diagram for configuring static ARP entries
Configuration procedure
Configure Switch
Create VLAN 10.
<Switch> system-view
[Switch] vlan 10
[Switch-vlan10] quit
Add interface GigabitEthernet 1/0/1 to VLAN 10.
[Switch] interface GigabitEthernet 1/0/1
[Switch-GigabitEthernet1/0/1] port access vlan 10
[Switch-GigabitEthernet1/0/1] quit
Create interface VLAN-interface 10 and configure its IP address.
[Switch] interface vlan-interface 10
[Switch-vlan-interface10] ip address 192.168.1.2 8
[Switch-vlan-interface10] quit
Configure a static ARP entry with IP address 192.168.1.1 and MAC address 00e0-fc01-0000. The
outgoing interface corresponding to the static ARP entry is GigabitEthernet 1/0/1 belonging to VLAN
10.
[Switch] arp static 192.168.1.1 00e0-fc01-0000 10 GigabitEthernet 1/0/1
View information about static ARP entries.
[Switch] display arp static
Type: S-Static D-Dynamic
IP Address MAC Address VLAN ID Interface Aging Type
192.168.1.1 00e0-fc01-0000 10 GE1/0/1 N/A S
Configuring gratuitous ARP
Introduction to gratuitous ARP
A gratuitous ARP packet is a special ARP packet, in which the sender IP address and the target IP address
are both the IP address of the device issuing the packet, the sender MAC address is the MAC address of
the device, and the target MAC address is the broadcast address ff:ff:ff:ff:ff:ff.
A device implements the following functions by sending gratuitous ARP packets:
Determining whether its IP address is already used by another device.
Informing other devices of a change in its MAC address, so that they can update their ARP entries.
A device receiving a gratuitous ARP packet adds the information carried in the packet to its own dynamic
ARP table if it finds that no corresponding ARP entry exists in the cache.
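The packet layout and the receiver rule described above, as an added example that is not part of the H3C manual or the switch software: it parses a raw ARP body, recognizes a gratuitous ARP packet by its equal sender and target IP addresses, and applies the "add only if no entry exists" rule. The sample packets are constructed, and reporting a differing MAC address is an addition of this example.

```python
import socket
import struct

# ARP body for Ethernet/IPv4: htype, ptype, hlen, plen, oper, SHA, SPA, THA, TPA.
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_LEN = struct.calcsize(ARP_FMT)  # 28 bytes

def parse_arp(body: bytes) -> dict:
    """Decode an ARP body and reject anything that is not Ethernet/IPv4 ARP."""
    if len(body) < ARP_LEN:
        raise ValueError("truncated ARP body")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, body[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    h = sha.hex()
    return {"oper": oper,
            "sender_mac": f"{h[0:4]}-{h[4:8]}-{h[8:12]}",  # H3C display style
            "sender_ip": socket.inet_ntoa(spa),
            "target_mac": tha,
            "target_ip": socket.inet_ntoa(tpa)}

def is_gratuitous(pkt: dict) -> bool:
    """Sender IP and target IP are both the IP address of the issuing device."""
    return pkt["sender_ip"] == pkt["target_ip"]

def learn(table: dict, pkt: dict) -> str:
    """Receiver rule from the text: add the mapping only if no entry exists."""
    if not is_gratuitous(pkt):
        return "not gratuitous"
    ip, mac = pkt["sender_ip"], pkt["sender_mac"]
    if ip not in table:
        table[ip] = mac
        return "learned"
    # Reporting a differing MAC is this example's addition, for operator review.
    return "kept existing" if table[ip] == mac else "kept existing, MAC differs"

def make_garp(ip: str, mac_hex: str) -> bytes:
    """Build a constructed sample packet (broadcast target MAC, as in the text)."""
    addr = socket.inet_aton(ip)
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 1,
                       bytes.fromhex(mac_hex), addr, b"\xff" * 6, addr)

if __name__ == "__main__":
    table = {}
    for mac in ("00e0fc010000", "00e0fc010000", "00e0fc0100aa"):  # constructed
        print(learn(table, parse_arp(make_garp("192.168.1.1", mac))))
```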
Configuring gratuitous ARP
To configure gratuitous ARP:
1. Enter system view
   Command: system-view
2. Enable the device to send gratuitous ARP packets when receiving ARP requests from another network segment
   Command: gratuitous-arp-sending enable
   Remarks: Required. By default, a device cannot send gratuitous ARP packets when receiving ARP requests from another network segment.
3. Enable the gratuitous ARP packet learning function
   Command: gratuitous-arp-learning enable
   Remarks: Optional. Enabled by default.
Displaying and maintaining ARP
Clearing ARP entries from the ARP table will cancel IP-to-MAC mappings. This may cause communication failures.
Display ARP entries in the ARP table
   Command: display arp [ [ all | dynamic | static ] | vlan vlan-id | interface interface-type interface-number ] [ [ | { begin | exclude | include } regular-expression ] | count ]
   Remarks: Available in any view
Display the ARP entry for a specified IP address
   Command: display arp ip-address [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Display the aging time for dynamic ARP entries
   Command: display arp timer aging
   Remarks: Available in any view
Clear ARP entries from the ARP table
   Command: reset arp { all | dynamic | static | interface interface-type interface-number }
   Remarks: Available in user view
ARP attack defense configuration
Although ARP is easy to implement, it can be vulnerable to network attacks. ARP attacks and viruses can
be a threat to LAN security. However, the device provides multiple features to detect and prevent such
attacks.
Configuring ARP active acknowledgement
Introduction
Typically, the ARP active acknowledgement feature is configured on gateway devices to identify invalid
ARP packets.
With this feature enabled, when the gateway receives an ARP packet whose source MAC address does
not match the gateway’s corresponding ARP entry, the gateway checks whether its ARP entry has been
updated within the last minute.
- If yes, the gateway does not update the ARP entry.
- If not, the gateway unicasts an ARP request to the source MAC address of the ARP entry.
  - If an ARP reply is received within five seconds, the ARP packet is ignored.
  - If not, the gateway unicasts an ARP request to the MAC address of the ARP packet.
    - If an ARP reply is received within five seconds, the gateway updates the ARP entry.
    - If not, the ARP entry is not updated.
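The decision sequence above, written out as an added example (not code from the H3C manual or the switch software). The probe callable is a hypothetical hook standing in for the unicast ARP request and its five-second wait, and the MAC addresses and timestamps are constructed.

```python
FRESH_SECONDS = 60   # "updated within the last minute"
REPLY_TIMEOUT = 5    # seconds allowed for each ARP reply

OLD, NEW = "00e0-fc01-0000", "00e0-fc01-00aa"   # constructed sample MACs

def active_ack(entry, packet_mac, now, probe):
    """Decide whether an ARP packet may overwrite the gateway's ARP entry.

    entry      -- {"mac": str, "updated": float}, the gateway's current entry
    packet_mac -- source MAC address carried by the received ARP packet
    probe      -- callable(mac, timeout) -> bool; True if a unicast ARP request
                  to that MAC is answered in time (hypothetical hook)
    """
    if packet_mac == entry["mac"]:
        return "consistent"                         # nothing to verify
    if now - entry["updated"] < FRESH_SECONDS:
        return "rejected: entry recently updated"
    if probe(entry["mac"], REPLY_TIMEOUT):
        return "rejected: recorded MAC still answers"
    if probe(packet_mac, REPLY_TIMEOUT):
        entry["mac"], entry["updated"] = packet_mac, now
        return "updated"
    return "rejected: new MAC did not answer"

def simulate(alive, packet_mac, entry_age):
    """Run one constructed scenario; `alive` is the set of MACs that reply."""
    probed = []

    def probe(mac, timeout):
        probed.append(mac)                          # record the probe order
        return mac in alive

    entry = {"mac": OLD, "updated": 1000.0 - entry_age}
    verdict = active_ack(entry, packet_mac, 1000.0, probe)
    return verdict, probed, entry["mac"]

if __name__ == "__main__":
    for alive, age in (({OLD}, 10), ({OLD, NEW}, 120), ({NEW}, 120), (set(), 120)):
        print(simulate(alive, NEW, age))
```

The second scenario is the case the feature exists for: the recorded owner still answers, so the conflicting packet never changes the entry.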
Configuring ARP active acknowledgement
To configure ARP active acknowledgement:
1. Enter system view
   Command: system-view
2. Enable the ARP active acknowledgement function
   Command: arp anti-attack active-ack enable
   Remarks: Required. Disabled by default.
Configuring source MAC address based ARP attack detection
Introduction
With this feature enabled, the device checks the source MAC address of ARP packets delivered to the
CPU. It detects an attack when one MAC address sends more ARP packets in five seconds than the
configured threshold.
The detection mode you set determines how the device responds to a detected attack.
Monitor mode: generates an alarm.
Filter mode: generates an alarm and filters out ARP packets from the attacking MAC source.
Only ARP packets delivered to the CPU are detected.
You can also configure protected MAC addresses to exclude devices such as a gateway or server from
detection, so that they do not trigger alarms and filtering. You can set an aging timer for the protected
MAC addresses, to limit how long they are protected.
A protected MAC address is no longer excluded from detection after the specified aging time expires.
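A model of the detection behaviour described above, as an added example that is not the switch's implementation. The defaults (threshold 50, five-second interval, five-minute aging for protected MAC addresses) come from this guide; the fixed per-MAC counting window, the filter staying in place once set, and the sample MAC addresses are assumptions of the example.

```python
class SourceMacDetector:
    """Model of source MAC address based ARP attack detection."""

    def __init__(self, mode="monitor", threshold=50, window=5.0, exclude_aging=300.0):
        if mode not in ("monitor", "filter"):
            raise ValueError("mode must be 'monitor' or 'filter'")
        self.mode, self.threshold = mode, threshold
        self.window, self.exclude_aging = window, exclude_aging
        self.counts = {}       # mac -> (window start, packets seen in window)
        self.protected = {}    # mac -> time at which protection ages out
        self.filtered = set()  # MACs whose ARP packets are dropped (filter mode)
        self.alarms = []       # (time, mac) for each detected attack

    def protect(self, mac, now):
        """Exclude a MAC from detection until its aging timer expires."""
        self.protected[mac] = now + self.exclude_aging

    def observe(self, mac, now):
        """Account for one ARP packet sent to the CPU; return True if it passes."""
        if mac in self.filtered:
            return False
        if self.protected.get(mac, 0.0) > now:
            return True                        # still excluded from detection
        start, seen = self.counts.get(mac, (now, 0))
        if now - start >= self.window:         # assumed: fixed 5-second windows
            start, seen = now, 0
        seen += 1
        self.counts[mac] = (start, seen)
        if seen == self.threshold + 1:         # first packet over the threshold
            self.alarms.append((now, mac))
            if self.mode == "filter":
                self.filtered.add(mac)
                return False
        return True

def burst(det, mac, start, count, gap=0.05):
    """Feed `count` constructed ARP packets from one MAC; return how many pass."""
    return sum(det.observe(mac, start + i * gap) for i in range(count))

GATEWAY, HOST = "00e0-fc01-0000", "00e0-fc01-00aa"   # constructed sample MACs

if __name__ == "__main__":
    det = SourceMacDetector(mode="filter")
    det.protect(GATEWAY, now=0.0)
    print(burst(det, GATEWAY, 0.0, 60), burst(det, HOST, 0.0, 60), det.alarms)
```

Running the same gateway burst after its protection has aged out shows why the aging timer matters: the gateway is then counted and filtered like any other source.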
Configuration procedure
Enabling source MAC address based ARP attack detection
To enable source MAC address based ARP attack detection and set the detection mode:
1. Enter system view
   Command: system-view
2. Enable source MAC address based ARP attack detection and specify the detection mode
   Command: arp anti-attack source-mac { filter | monitor }
   Remarks: Required. Disabled by default.
Configuring the threshold
To configure the threshold:
1. Enter system view
   Command: system-view
2. Configure the threshold
   Command: arp anti-attack source-mac threshold threshold-value
   Remarks: Optional. 50 by default
Configuring protected MAC addresses
You can specify certain MAC addresses, such as that of a gateway or important servers, as protected
MAC addresses. A protected MAC address is excluded from ARP attack detection. It will not trigger an
alarm or filtering even when it sends more ARP packets than the specified threshold.
To configure protected MAC addresses:
1. Enter system view
   Command: system-view
2. Configure protected MAC addresses
   Command: arp anti-attack source-mac exclude-mac mac-address&<1-10>
   Remarks: Optional. Not configured by default.
Configuring the aging timer for protected MAC addresses
When its aging timer expires, a protected MAC address stops being protected.
To configure the aging timer for protected MAC addresses:
1. Enter system view
   Command: system-view
2. Configure aging timer for protected MAC addresses
   Command: arp anti-attack source-mac aging-time time
   Remarks: Optional. Five minutes by default.
Displaying and maintaining source MAC address based ARP attack detection
Display attacking entries detected
   Command: display arp anti-attack source-mac [ interface interface-type interface-number ]
   Remarks: Available in any view
Configuring ARP packet rate limit
Introduction
This feature allows you to limit the rate of ARP packets to be delivered to the CPU.
Configuring the ARP packet rate limit function
To configure ARP packet rate limit in Ethernet interface view: