x
Displaying and maintaining source MAC-based ARP attack detection ·················································· 402
Source MAC-based ARP attack detection configuration example ························································· 402
Configuring ARP packet source MAC consistency check ·············································································· 403
Configuring ARP active acknowledgement ···································································································· 403
Configuring ARP automatic scanning and fixed ARP ···················································································· 403
Configuration guidelines ························································································································· 404
Configuration procedure ························································································································· 404
Configuring IP source guard ······································································· 405
Overview ························································································································································ 405
Static IP source guard binding entries ··································································································· 405
Dynamic IP source guard binding entries ······························································································ 406
IPv4 source guard configuration task list ······································································································· 406
Configuring IPv4 source guard ······················································································································ 406
Enabling IPv4 source guard on a port ···································································································· 407
Configuring a static IPv4 source guard binding entry ············································································· 408
Setting the maximum number of IPv4 source guard binding entries ······················································ 408
Displaying and maintaining IP source guard ·································································································· 409
Static IPv4 source guard binding entry configuration example ······································································ 409
Dynamic IPv4 source guard using DHCP snooping configuration example ·················································· 411
Troubleshooting IP source guard ··················································································································· 412
Configuring attack detection and protection ················································ 413
Overview ························································································································································ 413
Types of network attacks the device can defend against······································································· 413
Blacklist function ···································································································································· 414
Traffic statistics function ························································································································· 415
Attack detection and protection configuration task list ··················································································· 416
Configuring attack protection functions for an interface ················································································· 416
Creating an attack protection policy ······································································································· 416
Configuring an attack protection policy ·································································································· 417
Applying an attack protection policy to an interface ··············································································· 420
Configuring the blacklist function ··················································································································· 420
Enabling traffic statistics on an interface ········································································································ 421
Enabling TCP fragment attack protection ······································································································ 421
Displaying and maintaining attack detection and protection ·········································································· 421
Attack detection and protection configuration examples ················································································ 422
Attack protection functions on interfaces configuration example ··························································· 422
Blacklist configuration example ·············································································································· 424
Traffic statistics configuration example ·································································································· 425
Configuring TCP attack protection ······························································ 427
Overview ························································································································································ 427
Enabling the SYN Cookie feature ·················································································································· 427
Enabling protection against Naptha attacks ··································································································· 428
Displaying and maintaining TCP attack protection ························································································ 428
Configuring connection limits ······································································ 429
Overview ························································································································································ 429
Connection limit configuration task list ··········································································································· 429
Creating a connection limit policy ·················································································································· 429
Configuring the connection limit policy ··········································································································· 429
Configuring the default connection limit action and parameters ···························································· 429
Configuring an ACL-based connection limit rule ···················································································· 430
Applying the connection limit policy ··············································································································· 431
Displaying and maintaining connection limiting ····························································································· 431
Troubleshooting connection limiting ··············································································································· 431
Symptom ················································································································································ 431
Analysis ·················································································································································· 432
Solution ·················································································································································· 432
To Next Page
Loading...
Need help?
General
