Configuring ARP Learning Strict, Fixed-MAC, Rate Limits, and Interface Limits on Quidway Switches

1. Enable strict ARP learning.

[Quidway] arp learning strict

2. Enable ARP entry fixation using the fixed‑mac mode.

[Quidway] arp anti-attack entry-check fixed-mac enable

3. Rate‑limit ARP Miss messages per source IP. For a specific server (10.10.10.2) allow up to 40 messages per second, and for other users allow up to 20 messages per second per source IP.

[Quidway] arp-miss speed-limit source-ip maximum 20

[Quidway] arp-miss speed-limit source-ip 10.10.10.2 maximum 40

4. Limit the number of dynamic ARP entries that can be learned on an interface (Eth0/0/1) to 20.

[Quidway] interface ethernet 0/0/1

[Quidway-Ethernet0/0/1] arp-limit vlan 10 maximum 20

[Quidway-Ethernet0/0/1] quit

5. Rate‑limit ARP packets from a specific source IP (9.9.9.2) to a maximum of 10 packets per second.

[Quidway] arp speed-limit source-ip 9.9.9.2 maximum 10

6. Verify the configuration by displaying the global ARP learning strict status.

display arp learning strict

The output shows that the global ARP learning strict function is enabled.

7. Display the ARP limit on the interface to confirm the maximum number of dynamic entries.

display arp-limit interface ethernet 0/0/1

Sample output: Ethernet0/0/1 20 10 0 , indicating a limit of 20 entries with 10 currently learned.

8. Show the ARP anti‑attack configuration to verify related security settings.

display arp anti-attack configuration all

The output indicates that packet‑check and gateway‑duplicate anti‑attack functions are disabled, and provides details of the current anti‑attack parameters.