Use this command to configure the attach threshold for ARP packets attack detection at a given rate measured in packets- per-second. The ARP packets attack threshold can be configured independently on a per-port basis and on a per-host basis (hosts identified based on source IP address, VLAN ID, and port and hosts identified based on the link-layer source MAC address, VLAN ID, and port.
| Default |
Although the range is the same for all ARP rate limiting types, the default values vary and are as follows:
|
| Format | arp-guard attack-threshold { per-src-ip | per-src-mac | per-port } pps |
| Mode | Global Config |
| Parameter | Description |
|---|---|
| per-src-ip | Detects ARP attacks by hosts identified by source IP address. |
| per-src-mac | Detects ARP attacks by hosts identified by source MAC address. |
| per-port | Detects ARP attacks on per port basis. |
| pps | Indicates the rate limit in packets-per-second, ranging from 0 to 300. A value of zero (0) means no limit - the value is not tracked. |
Example: The following example sets the rate-limit for hosts identified by source MAC address.
(Switching)(Config)# arp-guard attack-threshold per-src-mac 100
