arp-limit

Function

The arp-limit command limits the maximum number of dynamic Address Resolution Protocol (ARP) entries that an interface can learn.

The undo arp-limit command deletes the configuration of the maximum number.

By default, the number of ARP entries that an interface can learn is not limited (but is subject to the product specifications).

Format

arp-limit [ vlan vlan-id1 [ to vlan-id2 ] ] maximum maximum

undo arp-limit [ vlan vlan-id1 [ to vlan-id2 ] ]

Parameters

Parameter	Description	Value
vlan vlan-id1	Specifies the ID of a VLAN in which ARP learning is limited.	The value of the VLAN ID ranges from 1 to 4094. This parameter can be set only in the Layer 2 interface view.
to vlan-id2	Specifies the ID of a VLAN in which ARP learning is limited. NOTE: The value of vlan-id2 must be greater than that of vlan-id1.	The value of the VLAN ID ranges from 1 to 4094. This parameter can be set only in the Layer 2 interface view.
maximum	Specifies the maximum number of dynamic ARP entries that an interface (either a physical or logical interface) can learn.	USG6510E/6510E-POE: the value is an integer ranging from 1 to 1024. USG6530E: the value is an integer ranging from 1 to 4096. USG6515E/6550E/6560E/6580E: the value is an integer ranging from 1 to 16384. USG6610E/6620E: the value is an integer ranging from 1 to 16384. USG6615E/6625E: the value is an integer ranging from 1 to 16384. USG6630E/6650E: the value is an integer ranging from 1 to 16384. USG6635E/6655E: the value is an integer ranging from 1 to 16384. USG6680E: the value is an integer ranging from 1 to 16384. USG6712E/6716E: the value is an integer ranging from 1 to 16384.

Views

Ethernet interface view, Ethernet sub-interface view, Eth-trunk interface view, Eth-Trunk sub-interface view, or VLANIF interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

If an unauthorized user sends a large number of ARP messages to a device, the device learns a large number of ARP entries in a short period, causing the ARP buffer to overflow. As a result, normal operation of the network is affected. To resolve such a problem, you can set the maximum number of ARP entries that each interface can learn.

Precautions

The Ethernet interface, GE interface or Eth-trunk interface can be used as a Layer 3 interface or a Layer 2 interface. vlan-id cannot be configured for the Layer 3 interface. vlan-id is required for the Layer 2 interface.

If the arp-limit vlan vlan-id1 to vlan-id2 maximum maximum command is run more than once, the following situations are available:

If maximum maximum is the same in multiple command instances, all configurations take effect. For example, if the arp-limit vlan 10 to 30 maximum 200 command and then the arp-limit vlan 35 to 40 maximum 200 command are run, both configurations take effect. If the VLAN ranges specified in multiple command instances are overlapping, the system automatically merges the VLAN ranges. For example, if the arp-limit vlan 50 to 80 maximum 200 command and then the arp-limit vlan 70 to 100 maximum 200 command are run, both configurations take effect, and the system merges the configurations into arp-limit vlan 50 to 100 maximum 200.
If maximum maximum is different in multiple command instances, the latest configuration overrides the previous one for the same VLAN range. For example, if the arp-limit vlan 10 to 30 maximum 200 command and then the arp-limit vlan 15 to 25 maximum 300 command are run, the system automatically divides the configurations into arp-limit vlan 10 to 14 maximum 200, arp-limit vlan 15 to 25 maximum 300, and arp-limit vlan 26 to 30 maximum 200.

Follow-up Procedure

If the number of ARP entries that an interface can learn changes, and the number of the learned ARP entries exceeds the changed value, the interface cannot learn additional ARP entries. You can delete the excess ARP entries based on the system prompt.

Example

# Configure the maximum number of dynamic ARP entries that GigabitEthernet 0/0/1 can learn to 20.

<sysname> system-view

[sysname] interface GigabitEthernet 0/0/1

[sysname-GigabitEthernet 0/0/1] arp-limit maximum 20