To control the number of Address Resolution Protocol (ARP) packets that are allowable for each Service ID (SID) on a cable interface, use the cable arp filter command in cable interface configuration mode. To stop the filtering of ARP broadcasts for CMs, use the no form of this command.
cable arp filter { reply-accept | request-send } number window-size
no cable arp filter { reply-accept | request-send }
default cable arp filter { reply-accept | request-send }
Syntax Description
reply-accept | Configures the cable interface to accept only the specified number of ARP reply packets every window-size seconds for each active Service ID (SID) on that interface. The cable interface drops ARP reply packets for a SID that would exceed this number.
request-send | Configures the cable interface to send only the specified number of ARP request packets every window-size seconds for each active SID on that interface. The cable interface drops ARP requests for a SID that would exceed this number.
number | Number of ARP reply packets that is allowed for each SID within the window time period. The allowable range is 0 to 20 packets, with a default of 4 packets. If number is 0, the cable interface drops all ARP reply packets.
window-size | Size of the window time period, in seconds, in which to monitor ARP requests. The valid range is 1 to 5 seconds, with a default of 2 seconds.
Command Default
ARP packets are not filtered, which means the Cisco CMTS router accepts all ARP reply packets and sends all ARP request packets.
Command Modes
Cable interface configuration (config-if)
Command History
Release | Modification
12.2(15)BC2 | This command was introduced for the Cisco uBR7246VXR and Cisco uBR10012 universal broadband routers.
12.3(9a)BC | The values of number and window-size are optional for the respective reply-accept and request-send settings. In this release and for earlier supporting releases, when ARP filtering is enabled, the default values for number and window-size are 4 and 2 respectively.
12.3(17a)BC | In this release and for later releases, when ARP filtering is enabled, the default values for number and window-size are 3 and 2 respectively.
12.2(33)SCA | This command was integrated into Cisco IOS Release 12.2(33)SCA. Support for the Cisco uBR7225VXR router was added.
IOS-XE 3.15.0S | This command was implemented on the Cisco cBR Series Converged Broadband Routers. This command is integrated into bundle interface configuration mode.
Usage Guidelines
Viruses, worms, and theft-of-service attacks can generate a large volume of ARP requests on a cable interface. In some situations, the volume of ARP traffic can become so large that it throttles all other traffic.
To control the number of ARP replies and ARP requests that are allowed for each SID on a cable interface, use the cable arp filter command. This command configures the interface so that it accepts only a certain number of ARP reply or request packets per specified time period. If a SID generates more ARP packets than are allowed, the cable interface drops the excess traffic.
By default, no ARP filtering is done. ARP filtering is enabled on individual cable interfaces, and you can choose to filter ARP packets only on the specific cable interfaces that require it. You can further choose to filter only ARP request packets, only ARP reply packets, or both. You can configure different threshold values on each interface, allowing you to customize the feature for each interface’s traffic patterns.
If using bundled cable interfaces, the Cable ARP Filtering feature is configured separately on the master and slave interfaces. This allows you to configure the feature only on the particular interfaces that require it.
Note | Cisco IOS Release 12.3(9a)BC introduces enhanced command option syntax for the cable arp filter command, where number and window-size values are optional for reply-accept and request-send settings.
Note | Disabling the cable ARP filtering feature, using the no cable arp filter command, does not reset the ARP packet counters. The ARP packet counters do not increment when cable ARP filtering is disabled, but the counters retain their current values until the interface counters are specifically cleared, using the clear counters command.
The Linksys Wireless-B Broadband Router BEFW11S4 version 4 with 1.44.2 firmware incorrectly sends its own ARP reply packet for every ARP request packet it receives, instead of replying only to the ARP requests that are specifically for itself. Customers with these routers should upgrade the firmware to the latest revision to fix this bug. To upgrade the firmware, go to the download section on the Linksys web site.
Note | Starting from IOS-XE 3.15.0S, this command is integrated into bundle interface configuration mode for cBR Series Converged Broadband Routers.
Examples
The following example shows how to filter cable ARP reply packets, so that the cable interface accepts a maximum of 15 ARP replies every three seconds per SID:
Router(config)# interface cable 5/1/0
Router(config-if)# cable arp filter reply-accept 15 3
The following example shows how to filter cable ARP request packets, so that the cable interface sends a maximum of 10 requests per second per SID:
Router(config)# interface cable 6/0
Router(config-if)# cable arp filter request-send 10 1
The following example shows how to enable the filtering of cable ARP request and reply packets on a cable interface, using the default values of 4 packets per CPE every 2 seconds:
Router(config)# interface cable 3/0
Router(config-if)# default cable arp filter reply-accept
Router(config-if)# default cable arp filter request-send
Router(config-if)# end
Router# show running-config | include filter
cable arp filter reply-accept 4 2
cable arp filter request-send 4 2
The following example shows how to disable the filtering of cable ARP request and reply packets on a cable interface:
Router(config)# interface cable 1/0
Router(config-if)# no cable arp filter reply-accept
Router(config-if)# no cable arp filter request-send
The following example shows how to filter cable ARP reply packets, so that the bundle interface accepts a maximum of 15 ARP replies every three seconds per SID on Cisco cBR Series Converged Broadband Routers:
Router(config)# interface bundle 1
Router(config-if)# cable arp filter reply-accept 15 3
The following example shows how to filter cable ARP request packets, so that the bundle interface sends a maximum of 10 requests per second per SID on Cisco cBR Series Converged Broadband Routers:
Router(config)# interface bundle 1
Router(config-if)# cable arp filter request-send 10 1
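Because ARP filtering is off by default and is set per interface and per direction, it is easy to leave an interface partly or wholly unfiltered. The following Python sketch is an added example, not Cisco code: it audits running-config-style text (or a config template) for cable and bundle interfaces that lack a filter direction, use values outside the documented ranges, or set reply-accept to 0. The function name audit_arp_filter and the sample configuration are constructed for illustration.

```python
import re

NUMBER_MAX = 20                  # Syntax Description: number is 0 to 20
WINDOW_MIN, WINDOW_MAX = 1, 5    # window-size is 1 to 5 seconds
DIRECTIONS = ("reply-accept", "request-send")
IFACE_RE = re.compile(r"^interface\s+((?:cable|bundle)\s*\S+)", re.I)
FILTER_RE = re.compile(
    r"^\s+cable arp filter (reply-accept|request-send)(?:\s+(\d+)\s+(\d+))?\s*$")

def audit_arp_filter(config_text):
    """Map each cable/bundle interface to a list of ARP-filter findings."""
    report, seen, current = {}, {}, None
    for line in config_text.splitlines():
        iface = IFACE_RE.match(line)
        if iface:
            current = iface.group(1).lower()
            report[current], seen[current] = [], set()
        elif line[:1].strip():           # unindented line ends the stanza
            current = None
        elif current and (m := FILTER_RE.match(line)):
            direction, number, window = m.groups()
            seen[current].add(direction)
            if number is None:           # values omitted: release defaults apply
                continue
            number, window = int(number), int(window)
            if number > NUMBER_MAX:
                report[current].append(f"{direction}: number {number} outside 0-20")
            if not WINDOW_MIN <= window <= WINDOW_MAX:
                report[current].append(f"{direction}: window-size {window} outside 1-5")
            if direction == "reply-accept" and number == 0:
                report[current].append("reply-accept 0: all ARP replies dropped")
    for name, dirs in seen.items():
        report[name] += [f"{d}: not configured, unfiltered"
                         for d in DIRECTIONS if d not in dirs]
    return report

# Constructed running-config excerpt (not captured from a real router).
SAMPLE_CONFIG = """\
interface Cable5/1/0
 cable arp filter reply-accept 15 3
 cable arp filter request-send 10 1
!
interface Cable6/0
 cable arp filter reply-accept 0 2
"""

if __name__ == "__main__":
    print(audit_arp_filter(SAMPLE_CONFIG))
```

An empty list for an interface means both directions are filtered with in-range values; whether the chosen thresholds suit that interface's traffic still has to be judged against show cable arp-filter counters.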
Related Commands
Command | Description
cable arp | Activates cable ARP.
cable proxy-arp | Activates cable proxy ARP on the cable interface.
clear arp-cache | Refreshes dynamically created entries from the ARP cache.
clear counters | Clears the packet counters on all interfaces or on a specific interface.
debug cable arp filter | Displays debugging messages about the filtering of ARP broadcasts.
show cable arp-filter | Displays the total number of ARP replies and requests that have been sent and received, including the number of requests that have been filtered.