DES-7200 Configuration Guide Chapter 12 NFPP Configuration
12-12
Command Function
DES-7200(config)# nfpp
Enter the nfpp configuration mode.
DES-7200(config-nfpp)# arp-guard
rate-limit {per-src-ip | per-src-mac} pps
Configure the arp-guard rate-limit, ranging from 1 to
9999, 4 by default.
per-src-ip: detect the hosts based on the source IP
address/VID/port;
per-src-mac: detect the hosts based on the source
MAC address/VID/port.
DES-7200(config-nfpp)# arp-guard
attack-threshold {per-src-ip |
per-src-mac} pps
Configure the arp-guard attack threshold, ranging
from 1 to 9999, 8 by default. When the ARP packet
number sent from a host exceeds the attack
threshold, the attack is detected and ARP-guard
isolates the host, records the message and sends the
TRAP packet.
per-src-ip: detect the hosts based on the source IP
address/VID/port;
per-src-mac: detect the hosts based on the source
MAC address/VID/port.
DES-7200(config-nfpp)# arp-guard
scan-threshold pkt-cnt
Configure the arp-guard scan threshold, in 10s,
ranging from 1 to 9999, 15 by default. If 15 or more
than 15 ARP packets have been received within 10s,
and the source MAC address on link layer is fixed
while the source IP address is changing, or the
source MAC address and source IP address are fixed
while the destination IP address is changing, ARP
scan is detected and recorded in the syslog and the
TRAP messages are sent.
DES-7200(config-nfpp)# end
Return to the privileged EXEC mode.
DES-7200# configure terminal
Enter the global configuration mode.
DES-7200(config)# interface
interface-name
Enter the interface configuration mode.