10-12-2021 03:38 AM
Hi every one
I'm fine tuning the limit rate on arp inspection, but I itch in my head over the correct understanding of arp inspection burst interval. In fact, another person has asked the very same question https://www.mail-archive.com/ccie_security@onlinestudylist.com/msg00909.html (a long time ago) but lacks some answers:
quoted:
I've been looking at the documentation, but can't seem so figure out how
the burst interval setting works. Can anyone enlighten me?
Does it:
1 - set the number of seconds that the limit must exceed to put the port
into err-disable?
So - ip arp inspection limit rate 15 burst interval 5 will cause
err-disable if 15 arps are seen over a 5 second window.
Or
2 - set to total number of consecutive seconds that the limit must
exceed to put the port into err-disable?
So - ip arp inspection limit rate 15 burst interval 5 will cause
err-disable if 15 arps are seen over a 1 second window for 5 consecutive
seconds.
Solved! Go to Solution.
10-12-2021 03:52 AM
Hi, as per the doc. it is seconds .
1. ip arp inspection limit {rate pps [burst interval seconds] | none} 2. no ip arp inspection limit
10-12-2021 03:52 AM
Hi, as per the doc. it is seconds .
1. ip arp inspection limit {rate pps [burst interval seconds] | none} 2. no ip arp inspection limit
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide