Introduction – H3C Technologies H3C S3100 Series Switches User Manual

Page 963


Among the S3100 series Ethernet switches, only the S3100-EI series support ARP Packet Filtering.

Follow these steps to configure ARP packet filtering based on gateway’s address:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enter Ethernet port view | interface interface-type interface-number | |
| Configure ARP packet filtering based on the gateway’s IP address | arp filter source ip-address | Required. Not configured by default. |
| Configure ARP packet filtering based on the gateway’s IP and MAC addresses | arp filter binding ip-address mac-address | Required. Not configured by default. |

The arp filter source and arp filter binding commands are mutually exclusive on an Ethernet port. That is, you can only configure ARP packet filtering based on gateway’s IP address, or based on gateway’s IP and MAC addresses, but not both on an Ethernet port.
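
The following audit script is an added example, not part of the H3C manual. It checks a saved configuration listing for Ethernet ports that carry both arp filter commands (which the note above rules out) and for ports with no gateway-based ARP filter at all. The block layout of the listing, the interface names, and the IP and MAC values are constructed assumptions.

```python
import re

# Constructed sample in the layout of a Comware configuration listing
# (assumed: one "interface ..." block per port, blocks separated by "#").
SAMPLE_CONFIG = """\
#
interface Ethernet1/0/1
 arp filter source 192.168.1.1
#
interface Ethernet1/0/2
 arp filter source 192.168.1.1
 arp filter binding 192.168.1.1 000f-e200-0001
#
interface Ethernet1/0/3
 port access vlan 10
#
interface Ethernet1/0/24
 arp filter binding 192.168.1.1 000f-e200-0001
#
"""

FILTER_RE = re.compile(r"^\s*arp filter (source|binding)\b")

def audit_arp_filters(config_text):
    """Return {port: status} for every Ethernet port block in the listing."""
    ports, current = {}, None
    for line in config_text.splitlines():
        if line.startswith("interface "):
            name = line.split(None, 1)[1].strip()
            # The arp filter commands are entered in Ethernet port view,
            # so other blocks (for example Vlan-interface) are skipped.
            current = name if "ethernet" in name.lower() else None
            if current:
                ports[current] = set()
        elif line.strip() == "#":
            current = None
        elif current and (m := FILTER_RE.match(line)):
            ports[current].add(m.group(1))
    report = {}
    for port, modes in ports.items():
        if modes == {"source", "binding"}:
            report[port] = "conflict"    # mutually exclusive on one port
        elif modes:
            report[port] = "ok"
        else:
            report[port] = "unfiltered"  # no gateway-based ARP filtering
    return report

if __name__ == "__main__":
    for port, status in audit_arp_filters(SAMPLE_CONFIG).items():
        print(f"{port}: {status}")
```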

Configuring the Maximum Number of Dynamic ARP Entries a VLAN Interface Can Learn

Introduction

To prevent ARP flood attacks, you can limit the number of ARP entries learned by a VLAN interface on S3100-EI series Ethernet switches (operating as gateways). That is, you can set the maximum number of dynamic ARP entries that a VLAN interface can learn. If the number of ARP entries learned by the VLAN interface exceeds the specified upper limit, the VLAN interface stops learning ARP entries, thereby avoiding ARP flood attacks.

Configuring the Maximum Number of Dynamic ARP Entries that a VLAN Interface Can Learn

Follow these steps to configure the maximum number of dynamic ARP entries that a VLAN interface can learn:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enter VLAN interface view | interface vlan-interface vlan-id | |
