Wireless Advanced Optimization Feature - Upstream ARP Suppression?
In large networks with a tree-shaped topology, the core gateways are often concentrated on a few switches and routers.
With a massive number of wireless terminals, and with some apps performing ARP scans (such as XX video app), the simultaneous ARP requests may at times exceed the switch's packets-per-second (PPS) processing capacity, leading to intermittent packet drops and connectivity problems for end users. These issues usually occur at meal times or when many devices are connected to the network at once, such as during school hours.
Moreover, in many cases terminals send an ARP request to the gateway every time they roam between APs. When the core switch is dropping ARP packets because its PPS capacity is exceeded, the roaming ARP query fails and network connectivity is lost after the roaming event. The terminal then continuously fails to connect to Wi-Fi.
These problems often share one cause: too many concurrent ARP requests overloading the network equipment.
So how can we mitigate this problem? Can the excess ARP traffic be intercepted specifically?
In addition to the conventional commands for layer 2 isolation and port isolation, we can also consider an advanced wireless optimization feature: RROP upstream ARP suppression.
Here are the specific commands:
rrop ul-arp attack-suppression enable [ threshold threshold-value ] [ block-time time ]
Enable the upstream ARP attack suppression function on the AP. By default, the upstream ARP attack suppression function on the AP is disabled.
After enabling this function, if the AP receives more ARP request/response packets from a wireless client than the threshold within 1 second, it will be considered an ARP packet attack from the wireless client. The AP will discard all ARP request/response packets from this wireless client within the configured blocking time interval. When there are too many ARP packets sent by wireless clients in the environment, it is recommended to enable this function.
This function is particularly useful in scenarios where there are many terminals and the performance of the core gateway device is limited. It is recommended that engineers consider configuring this function, as it is beneficial and harmless.
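The threshold and block-time behaviour described above can be modelled in a few lines. This is an added example, not vendor code: the fixed 1-second counting window, the class and function names, the MAC addresses, the traffic and the values threshold=10 and block-time=2 are all assumptions chosen for illustration.

```python
from collections import defaultdict

WINDOW_MS = 1000  # the page's 1-second counting interval

class UplinkArpSuppressor:
    """Per-client model: more than `threshold` ARP packets inside one window
    starts a block lasting `block_time_s` seconds. Fixed windows are assumed."""

    def __init__(self, threshold, block_time_s):
        self.threshold = threshold
        self.block_ms = block_time_s * 1000
        self.window_start = {}          # client MAC -> start of current window (ms)
        self.count = defaultdict(int)   # client MAC -> ARP packets in that window
        self.blocked_until = {}         # client MAC -> time the block expires (ms)

    def handle_arp(self, mac, now_ms):
        """Return True if the ARP packet is forwarded upstream, False if dropped."""
        if now_ms < self.blocked_until.get(mac, 0):
            return False                # still inside the block time
        start = self.window_start.get(mac)
        if start is None or now_ms - start >= WINDOW_MS:
            self.window_start[mac] = now_ms
            self.count[mac] = 0
        self.count[mac] += 1
        if self.count[mac] > self.threshold:
            self.blocked_until[mac] = now_ms + self.block_ms
            self.window_start.pop(mac, None)   # counting restarts after the block
            return False
        return True

def simulate(events, threshold, block_time_s):
    """events: (time_ms, mac) pairs. Returns {mac: (forwarded, dropped)}."""
    ap = UplinkArpSuppressor(threshold, block_time_s)
    stats = defaultdict(lambda: [0, 0])
    for now_ms, mac in sorted(events):
        stats[mac][0 if ap.handle_arp(mac, now_ms) else 1] += 1
    return {mac: tuple(counts) for mac, counts in stats.items()}

# Constructed traffic: a scanning client sends 50 ARP requests/s for 3 s,
# a roaming client sends one gateway ARP request per second.
SCANNER, ROAMER = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"
EVENTS = [(i * 20, SCANNER) for i in range(150)]
EVENTS += [(500 + s * 1000, ROAMER) for s in range(3)]

if __name__ == "__main__":
    for mac, (fwd, dropped) in simulate(EVENTS, threshold=10, block_time_s=2).items():
        print(f"{mac} forwarded={fwd} dropped={dropped}")
```

Because every ARP packet from a blocked client is dropped for the whole block time, the threshold should sit above the largest legitimate per-client burst seen on the network.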