Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 6 System-guard Configuration Commands
Huawei Technologies Proprietary
Field                                                        Description
Infected virus Host Number                                   The number of hosts infected by virus
Isolated times of Aging time                                 Isolate time, unit in aging period of the MAC address
Max Num of detection support                                 The max Number of detection
Disable dest IP addr learning from all ip addr in the list   Disable destination IP address learning from all the IP addresses in the list
6.1.3 system-guard enable
Syntax
system-guard enable
undo system-guard enable
View
System view
Parameter
None
Description
Use the system-guard enable command to enable the system-guard function. Use the
undo system-guard enable command to disable the system-guard function.
By default, the system-guard function is disabled.
System-guard monitors the packets that the CPU receives at intervals of 10 seconds,
detects source IP addresses that show attack characteristics, and counts the IP
packets from each of them. Once the number exceeds the preconfigured threshold, the
switch takes measures against the host with this IP address:
- For S3526, S3526FM, and S3526FS: The switch applies the ACL automatically to
  force the host with this IP address (affected host for short) to log off. After a
  specified time, the switch restores normal forwarding for the affected host.
- For S3526E, S3526E FM, S3526E FS and S3526C: If the packets from the host
  with the source IP address need to be handled by the switch CPU, the switch
  reduces the priority of the packets and drops the packets that have been sent to the
  CPU.
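The following model of the counting and isolation behaviour described above for the S3526, S3526FM and S3526FS is an added example, not code from the manual or from the switch software. The threshold, the MAC aging time of 300 seconds, the host addresses and the traffic are constructed values, and treating "Max Num of detection support" as a cap on simultaneously isolated hosts is an assumption.

```python
from collections import Counter

WINDOW = 10  # seconds: the counting interval given in the description

def simulate(packets, threshold, isolate_times, mac_aging, max_hosts):
    """Replay (timestamp, src_ip) packets that reach the CPU.

    Returns (events, delivered): sorted (time, action, ip) tuples and the
    number of packets the CPU still had to process.
    """
    isolated = {}                      # ip -> time forwarding is restored
    events, counts = [], Counter()
    delivered, window_end = 0, WINDOW

    def expire(now):
        # Isolation lasts isolate_times MAC aging periods, then is lifted.
        for host in [h for h, until in isolated.items() if until <= now]:
            events.append((isolated.pop(host), "recover", host))

    def close_window(now):
        # At the end of each window, isolate sources over the threshold.
        expire(now)
        for ip, n in sorted(counts.items()):
            if n > threshold and len(isolated) < max_hosts:
                isolated[ip] = now + isolate_times * mac_aging
                events.append((now, "isolate", ip))
        counts.clear()

    for ts, ip in sorted(packets):
        while ts >= window_end:
            close_window(window_end)
            window_end += WINDOW
        expire(ts)
        if ip in isolated:
            continue                   # dropped by the auto-applied ACL
        counts[ip] += 1
        delivered += 1
    close_window(window_end)
    return sorted(events), delivered

# Constructed sample traffic: one flooding host and one normal host.
FLOOD = [(i % 10, "10.0.0.66") for i in range(300)]        # window 1
FLOOD += [(10 + i % 10, "10.0.0.66") for i in range(300)]  # while isolated
NORMAL = [(2, "10.0.0.5"), (12, "10.0.0.5"), (15, "10.0.0.5")]
LATE = [(320, "10.0.0.66")]                                # after recovery

if __name__ == "__main__":
    print(simulate(FLOOD + NORMAL + LATE, threshold=200,
                   isolate_times=1, mac_aging=300, max_hosts=10))
```

The first window always reaches the CPU in full, because isolation is only decided when the 10-second count is evaluated; the second burst from the same host is dropped until the isolation time expires.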