Operation Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 6 System-guard Configuration
Huawei Technologies Proprietary
6-2
Table 6-1 Enabling system-guard function
Operation Command
Enable system-guard function
system-guard enable
Disable system-guard function
undo system-guard enable
By default, system-guard function is disabled.
Caution:
z For S3526E, S3526E FM S3526E FS and S3526C: Before enabling system-guard
function, be sure the port priority is default value 0 and the Ethernet switch doesn’t
trust the cos priority of packets.
z For S3526, S3526 FM and S3526 FS: The system-guard function is enabled only
after two or more VLAN interfaces are created and configured with the IP
addresses.
z For S3526E, S3526E FM, S3526E FS and S3526C: After system-guard is enabled,
don’t change the port priority and the mode of queue-scheduling.
6.2.2 Setting the max detection count of the affected hosts
The following commands can be used to set the max detection count of the affected
hosts. This configuration takes effect only after the system-guard function is enabled.
Perform the following configurations in system view.
Table 6-2 Setting the max detection count
Operation Command
Set the max detection count of the affected hosts
system-guard
detect-maxnum number
Restore the max detection count of the affected
hosts to default value
undo system-guard
detect-maxnum
By default, the max detection count of the affected hosts is 30.
6.2.3 Setting parameters of address learning
The following commands can be used to set the max number of the learned IP
addresses ( IP-record-threshold ), threshold of consecutive detection times which the
learned address number exceed the threshold of IP address learned for one time
To Next Page
Loading...
Need help?
General
