236 CHAPTER 19: SYSTEM-GUARD CONFIGURATION
Enabling System-Guard
on Ports
Table 176 lists the operations to enable system-guard on ports.
n
After system-guard is enabled on a port, if the number of packets the port
received and sent to the CPU in a specified interval exceeds the specified
threshold, the system considers that the port is under attack and begins to limit
the packet receiving rate on the port (this function is also called inbound rate
limit). if the rate of incoming packets on the port exceeds the threshold of
inbound rate limit, any service packets, including BPDU packets, are possible to be
dropped at random, which may result in state transition of STP.
Displaying and
Maintaining the
System-Guard
Function
After the above configuration, you can display and verify your configuration by
performing the operation listed in
Table 177.
Tabl e 176 Enable system-guard on ports
Operation Command Description
Enter system view system-view -
Enable system-guard
on specified ports
system-guard
permit
interface-list
Required
Tabl e 177 Display and debug the system-guard function
Operation Command Description
Display system-guard
configuration
display system-guard
config
This command can be executed in any view.
To Next Page
Loading...
