DES-7200 Configuration Guide Chapter 12 NFPP Configuration
Caution
MAC address-based rate limit takes precedence over IP address-based rate limit. IP address-based rate limit takes precedence over port-based rate limit.
For the arp-guard function to work best, the administrator is advised to configure the host-based rate-limit and attack thresholds according to the following principle:
IP address-based rate-limit threshold < IP address-based attack threshold < source MAC address-based rate-limit threshold < source MAC address-based attack threshold.
When configuring the rate limit on a port, you can refer to the user count on that port. For example, if 500 users exist on a port, you can set the rate limit on this port to 500.
12.3.8 Clearing the monitored hosts
Isolated hosts are recovered automatically after a period of time. The administrator can also use the following command to clear the isolated hosts manually.
Command:
DES-7200# clear nfpp arp-guard hosts [vlan vid] [interface interface-id] [ip-address | mac-address]
Function:
clear nfpp arp-guard hosts: Clear all isolated hosts.
clear nfpp arp-guard hosts vlan vid: Clear all isolated hosts in a VLAN.
clear nfpp arp-guard hosts [vlan vid] [interface interface-id]: Clear all isolated hosts on an interface in a VLAN.
clear nfpp arp-guard hosts [vlan vid] [interface interface-id] [ip-address | mac-address]: Clear a single isolated host. Use the IP address or the MAC address to identify the host.
12.3.9 Clearing the ARP scan table
The administrator can use the following command to clear the ARP scan table
manually.
Command:
DES-7200# clear nfpp arp-guard scan
Function:
Clear the ARP scan table.