HCIE Huawei equipment gratuitous ARP packet discard configuration
The gratuitous ARP message is medium. The source and destination IP addresses are the local IP address, the source MAC address is the local MAC address, and the destination MAC address is the broadcast address. This message is used to confirm whether other devices in the broadcast domain conflict with their own IP address; when the hardware address of the user host changes, in order to be able to notify other users in time that the ARP has changed, the user host will also send free ARP Message.
When a large number of unexplained ARP packets appear on the network, the CPU load becomes excessive, which affects the processing of normal ARP packets. If there is unprovoked ARP forged by the attacker, the ARP table update error will occur, causing the data of the legitimate user to be interrupted.
You can enable the gratuitous ARP discard function under the global and interface:
arp anti-attack gratuitous-arp drop //Enable the gratuitous ARP drop function
If enabled globally, all interfaces on the device discard the received gratuitous ARP packets. If it is enabled under an interface, only the specified interface will discard gratuitous ARP packets. By default, the gratuitous ARP packet discarding function is not enabled.
If there are many Ethernet interfaces involved, you can perform
undo portswitch batch interface-type {interface-number1 [to interface-number2]} &<1-10>, batch switch the working mode of the Ethernet interface.
Get 100% accurate CCIE/ CCNP/CCNA/HCIE dumps in IELAB .
Please follow us if you like our articles.
visit us: http://ielab.network
Facebook : https://www.facebook.com/ielab.network/
Linkedin: https://www.linkedin.com/company/ielabnetwork/
WhatsApp: +8617782638871
Skype:live:ielab.anna
