3com 5500-ei pwr Installation Instruction

| To do… | Use the command… | Remarks |
|---|---|---|
| Enable the ARP packet rate limit function | arp rate-limit enable | Required. By default, the ARP packet rate limit function is disabled on a port. |
| Configure the maximum ARP packet rate allowed on the port | arp rate-limit rate | Optional. By default, the maximum ARP packet rate allowed on a port is 15 pps. |
| Quit to system view | quit | — |
| Enable the port state auto-recovery function | arp protective-down recover enable | Optional. Disabled by default. |
| Configure the port state auto-recovery interval | arp protective-down recover interval interval | Optional. By default, when the port state auto-recovery function is enabled, the port state auto-recovery interval is 300 seconds. |
 
 
You must enable the port state auto-recovery feature before you can configure the port state auto-recovery interval.
Configuring the ARP packet rate limit function on the ports of an aggregation group is not recommended.
 
ARP Attack Defense Configuration Example 
ARP Attack Defense Configuration Example I 
Network requirements 
As shown in 
, Ethernet 1/0/1 of Switch A connects to DHCP Server; Ethernet 1/0/2 connects 
to Client A, Ethernet 1/0/3 connects to Client B. Ethernet 1/0/1, Ethernet 1/0/2 and Ethernet 1/0/3 
belong to VLAN 1.  
Enable DHCP snooping on Switch A and specify Ethernet 1/0/1 as the DHCP snooping trusted 
port. 
Enable ARP attack detection in VLAN 1 to prevent ARP man-in-the-middle attacks, and specify 
Ethernet 1/0/1 as the ARP trusted port. 
Enable the ARP packet rate limit function on Ethernet 1/0/2 and Ethernet 1/0/3 of Switch A, so as to 
prevent Client A and Client B from attacking Switch A through ARP traffic.  
Enable the port state auto recovery function on the ports of Switch A, and set the recovery interval 
to 200 seconds.
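
A command sequence that would meet the four requirements above, added here as an illustration and not taken from this page. The arp rate-limit and arp protective-down commands are the ones in the table earlier in this section; system-view, interface, vlan, dhcp-snooping, dhcp-snooping trust, arp detection enable and arp detection trust are assumed from the same command set and should be checked against the command reference. No rate is set, so the default of 15 pps applies to both client ports.

```text
# Enable DHCP snooping globally on Switch A.
<SwitchA> system-view
[SwitchA] dhcp-snooping

# Ethernet 1/0/1 faces the DHCP server: make it the DHCP snooping
# trusted port and the ARP trusted port.
[SwitchA] interface Ethernet 1/0/1
[SwitchA-Ethernet1/0/1] dhcp-snooping trust
[SwitchA-Ethernet1/0/1] arp detection trust
[SwitchA-Ethernet1/0/1] quit

# Enable ARP attack detection in VLAN 1. ARP packets arriving on the
# untrusted client ports are then checked before being forwarded.
[SwitchA] vlan 1
[SwitchA-vlan1] arp detection enable
[SwitchA-vlan1] quit

# Rate-limit ARP on the client-facing ports (port view).
# Without an explicit rate, the default maximum of 15 pps is used.
[SwitchA] interface Ethernet 1/0/2
[SwitchA-Ethernet1/0/2] arp rate-limit enable
[SwitchA-Ethernet1/0/2] quit
[SwitchA] interface Ethernet 1/0/3
[SwitchA-Ethernet1/0/3] arp rate-limit enable
[SwitchA-Ethernet1/0/3] quit

# Port state auto-recovery is configured in system view.
# It must be enabled before the interval can be changed from 300 s.
[SwitchA] arp protective-down recover enable
[SwitchA] arp protective-down recover interval 200
```

The rate limit is left off Ethernet 1/0/1 on purpose: it is the trusted uplink to the DHCP server, and only the client ports are named in the requirements.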