EasyManuals Logo

D-Link xStack DGS-3610 Series User Manual

D-Link xStack DGS-3610 Series
703 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #583 background imageLoading...
Page #583 background image
DGS-3610 Series Configuration Guide Chapter 41 Anti-attack System Guard Configuration
41-3
Command
Meaning
configure terminal
Enter the global configuration mode.
interface interface-id
Enter the configuration mode of this interface.
Legal interfaces include physical interfaces.
system-guard isolate-time seconds
Configure the isolation time of unauthorized users.
Its value range is 30s – 3600s, 120s by default.
end
Return to the privileged mode.
show system-guard
Check the configuration entities.
copy running-config startup-config
Save the configuration.
If you want to restore the default value of the isolation time, execute the no system-guard
isolation-time command to set in the interface mode.
In addition, when an illegal user is isolated, the device sends a LOG record to the log system
for the query of the administrator. Furthermore, it sends another LOG notice when the illegal
isolation is removed.
41.2.4 Setting the Threshold to Judge Illegal
Attacking IP
There are two attack methods that may affect the device performance.
1. Scan a batch of IP network segments.
2. Attack an inexistent IP by sending IP packets continuously.
The above limits are configured on our devices. Once one of a batch of packets sent by a
user exceeds the packet limit controlled by the administrator, the user will be considered to
be an unauthorized attacker and be isolated. The judging threshold of illegal attacking IP is
also port-based. You may configure it in the interface mode.
Command
Meaning
configure terminal
Enter the global configuration mode.
interface interface-id
Enter the configuration mode of this interface.
Legal interfaces include physical interfaces.
system-guard
same-dest-ip-attack-packets number
Configure the maximum threshold for continuously
sending IP packets to an inexistent IP for attack.
The value range is 1 – 2000 packets per second, 20 by
default. Setting to 0 indicates this attack is not monitored.
system-guard
scan-dest-ip-attack-packets number
Configure the maximum threshold for scanning and
attacking a batch of IP network segments.
The value range is 1 – 1000 packets per second, 10 by
default. Setting to 0 indicates this attack is not monitored.
end
Return to the privileged mode.

Table of Contents

Other manuals for D-Link xStack DGS-3610 Series

Preview: Hardware Installation Guide
Hardware Installation Guide26 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the D-Link xStack DGS-3610 Series and is the answer not in the manual?

D-Link xStack DGS-3610 Series Specifications

General IconGeneral
BrandD-Link
ModelxStack DGS-3610 Series
CategorySwitch
LanguageEnglish

Related product manuals