The firewall defend arp-flood interface command configures the parameters of interface-based ARP flood attack defense.
The undo firewall defend arp-flood interface command cancels the configuration.
firewall defend arp-flood interface { interface-type interface-number | all } [ max-rate max-rate-number ]
undo firewall defend arp-flood interface { interface-type interface-number | all }
| Parameter | Description | Value |
|---|---|---|
| interface interface-type interface-number | Specifies the type and number of the Ethernet interface. | - |
| all | Indicates all interfaces. | - |
| max-rate max-rate-number | Specifies the maximum rate. | The value is an integer ranging from 1 to 65535, in pps. The default value is 1000 pps. |
The configuration of the ARP flood attack defense function takes effect after the function is enabled.
After the command is executed and the rate of the ARP packets received by the interface exceeds max-rate-number, excess packets are discarded to ensure that the actual rate of ARP packets is within the threshold.
If parameter all is specified, the function limits the rate of ARP packets on each interface, but not the total rate of ARP packets received by all interfaces.
If max-rate is not specified, the default value (1000 pps) is used to limit the maximum rate.