Configuring ARP packet rate limit

This feature allows you to limit the rate ARP packets are delivered to the CPU. For example, if an attacker sends a large number of ARP packets to an ARP detection enabled device, the CPU of the device becomes overloaded because all of the ARP packets are redirected to the CPU for inspection. As a result, the device is unable to provide other functions and can even crash. To solve this problem, configure ARP packet rate limit.

Configure this feature when ARP detection, ARP snooping, or MFF is enabled, or when ARP flood attacks are detected.