Solved: Dynamic Arp Inspection Limit Rate

justin.abendroth · ‎08-16-2017

I enabled DAI on my company network and am coming across ports getting shut own due to ARP packet rate exceeding the default xyz rate I set it to. Is there a recommended safe limit rate range I could set the unrusted ports to? I originally went from 15 to 35, but am seeing ports getting hit with arp packets close up to 50.

Ton V Engelen · ‎08-17-2017

Hi

overhere we re at a limit rate of 240.

Esp. the networks where the wired Apples are located. They tend to fire arp packets like a machine gun.

Good luck.

View solution in original post

Philip D'Ath · ‎08-16-2017

I tend to take the normal limit, and then multiply it by 10. I know then if it trips something has definitely changed or gone wrong.

Ton V Engelen · ‎08-17-2017

Hi

overhere we re at a limit rate of 240.

Esp. the networks where the wired Apples are located. They tend to fire arp packets like a machine gun.

Good luck.

justin.abendroth · ‎08-17-2017

Thanks!

johnd2310 · ‎08-16-2017

Hi,

Try with a setting of 100. When my network was running windows XP, i was using 50 but started having issues when win 7 and win 10 came along. I had to move to a setting of 100 and that has been stable for a while.

Thanks

John

**Please rate posts you find helpful**

PaulReveco · ‎09-21-2021

I have the same question for Access-point cisco, how much should I put in margin, because it was set to 200, and the door was blocked.

brian420 · ‎08-04-2023

Every network is different. There is no correct answer here... Instead of asking for the solution, why not experiment?

After using Ettercap, I found that about 95 pps is the highest threshold which will exceed the limit and disable the port. Raising the limit beyond 95 pps with a 1 second burst will allow /24 scan to slip past the rate limit. Of course this may vary depending on the environment and equipment.

Figure out what works through real world testing and avoid random answers as solutions.