334
To do… Use the command…
Remarks
Set the aging time for system-guard system-guard aging-time time
Optional
By default, the aging time of
system-guard is 60 seconds.
Set a system-guard rate limit for the
specified queues
system-guard rate-limit queue
queue-number rate &<1-8>
Optional
By default, the rate limit is 1500
pps for queue 4 and 360 pps for
other queues.
Enter Layer 2 Ethernet port view
interface interface-type
interface-number
—
Enable system-guard on the port
system-guard enable
Optional
Disabled by default.
Enable the system-guard control
function on the port
system-guard control
Optional
Disabled by default.
Displaying system-guard
To do… Use the command… Remarks
Display system-guard configuration
display system-guard [ | { begin | exclude |
include } regular-expression ]
Available in any view
System-guard configuration example
Network requirements
Enable system-guard on access layer devices to effectively prevent attacks caused by large amounts of
packets.
Configuration procedure
# Set the packet rate limit to 200 pps.
<Sysname> system-view
[Sysname] system-guard detect-threshold 200
# Enable system-guard on GigabitEthernet 1/0/1.
[Sysname-GigabitEthernet1/0/1] system-guard enable
# Display the system-guard configuration.
[Sysname-GigabitEthernet1/0/1] display system-guard
system-guard detect-threshold: 200pps
system-guard aging-time : 60s
system-guard rate-limit :
queue0 360 queue1 360 queue2 360 queue3 360
queue4 1500 queue5 360 queue6 360 queue7 360
To Next Page
Loading...
