3Com S7906E Installation Instructions

Configuring ARP Defense Against IP Packet Attacks 
Introduction 
If a device receives large numbers of IP packets from a host to unreachable destinations:
- The device sends large numbers of ARP requests to the destination subnets, which increases the load of the destination subnets.
- The device keeps trying to resolve destination IP addresses, which increases the load of the CPU.
To protect the device from IP packet attacks, you can enable the ARP source suppression function or 
ARP black hole routing function. 
If the packets have the same source address, you can enable the ARP source suppression function. 
With the function enabled, whenever the number of ARP requests triggered by the packets with 
unresolvable destination IP addresses from a host within five seconds exceeds a specified threshold, 
the device suppresses the sending host from triggering any ARP requests within the following five 
seconds.  
If the packets have various source addresses, you can enable the ARP black hole routing function. 
After receiving an IP packet whose destination IP address cannot be resolved by ARP, the device with 
this function enabled immediately creates a black hole route and simply drops all packets matching the 
route during the aging time of the black hole route. 
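
The following Python model is an added example, not code from the 3Com manual or the switch software; it compares how many ARP requests each function lets through on constructed traffic. The windowing details, the 10-second black hole aging time and all addresses are assumptions; only the five-second period and the default limit of 10 come from the text.

```python
WINDOW_MS = 5000  # five-second counting and suppression period, from the text


def source_suppression(packets, limit=10):
    """Count ARP requests sent when ARP source suppression is enabled.

    packets: (time_ms, src_ip, dst_ip) tuples in time order; every dst is
    unresolvable. limit=10 is the default stated in the manual.
    """
    state = {}             # src -> [window_start_ms, packets_counted]
    suppressed_until = {}  # src -> time_ms at which suppression ends
    arp_requests = 0
    for t, src, _dst in packets:
        if t < suppressed_until.get(src, 0):
            continue                      # host is suppressed: no ARP request
        win = state.get(src)
        if win is None or t - win[0] >= WINDOW_MS:
            win = state[src] = [t, 0]     # start a new five-second window
        win[1] += 1
        if win[1] > limit:                # threshold exceeded (assumed: this
            suppressed_until[src] = t + WINDOW_MS  # packet gets no request)
            del state[src]
            continue
        arp_requests += 1
    return arp_requests


def black_hole_routing(packets, aging_ms=10000):
    """Count ARP requests sent when ARP black hole routing is enabled.

    aging_ms is an assumed value; the page does not state the aging time.
    """
    route_expires = {}     # dst -> time_ms at which its black hole route ages out
    arp_requests = 0
    for t, _src, dst in packets:
        if t < route_expires.get(dst, 0):
            continue                      # matches a black hole route: dropped
        arp_requests += 1                 # one resolution attempt, then the route
        route_expires[dst] = t + aging_ms
    return arp_requests


# Constructed traffic: 200 packets, one every 50 ms, to 4 unreachable addresses.
SAME_SOURCE = [(i * 50, "198.51.100.7", f"192.0.2.{i % 4 + 1}") for i in range(200)]
VARIOUS_SOURCES = [(i * 50, f"198.51.100.{i + 1}", f"192.0.2.{i % 4 + 1}")
                   for i in range(200)]

if __name__ == "__main__":
    for name, pkts in (("same source", SAME_SOURCE), ("various sources", VARIOUS_SOURCES)):
        print(name, source_suppression(pkts), black_hole_routing(pkts))
```

On this traffic, source suppression cuts the same-source flood from 200 ARP requests to 20 but leaves the various-source flood at 200, while black hole routing sends 4 in both cases because it keys on the destination rather than the sender.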
Configuring ARP Source Suppression 
Follow these steps to configure ARP source suppression:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enable ARP source suppression | arp source-suppression enable | Required. Disabled by default. |
| Set the maximum number of packets with the same source IP address but unresolvable destination IP addresses that the device can receive in five consecutive seconds | arp source-suppression limit limit-value | Optional. 10 by default. |
 
Enabling ARP Black Hole Routing 
Follow these steps to configure ARP black hole routing: 
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enable ARP black hole routing | arp resolving-route enable | Optional. Enabled by default. |