Raisecom
ISCOM2600G-HI (A) Series Configuration Guide
Raisecom Proprietary and Confidential
Copyright © Raisecom Technology Co., Ltd.
Raisecom#show cpu-protect car statistics
[
interface-type interface-number
] [ dynamic ]
10.10.4 Maintenance
Maintain the ISCOM2600G-HI series switch as below.
Raisecom(config)#clear cpu-protect car { arp | bpdu |
dhcp | global | icmp | igmp | lldp | mld | stp }
statistics
Clear global CPU
CAR statistics.
10.11 Configuring anti-ARP attack
10.11.1 Preparing for configurations
Scenario
ARP is simple and easy to use, but vulnerable to attacks due to no security mechanism.
Attackers can forge ARP packets from users or gateways. When they send excessive IP
packets, whose IP addresses cannot be resolved, to the ISCOM2600G-HI series switch, they
will cause the following harms:
The ISCOM2600G-HI series switch sends excessive ARP request packets to the
destination network segment, so this network segment is overburdened.
The ISCOM2600G-HI series switch repeatedly resolve destination IP addresses, so the
CPU is overburdened.
To prevent theses harms due to attacks on IP packets, the ISCOM2600G-HI series switch
supports anti-ARP attack.
Prerequisite
N/A
10.11.2 Configuring ARP
Configure ARP for the ISCOM2600G-HI series switch as below.
Enter global configuration mode.
Raisecom(config)#interface vlan
vlan-id
Enter VLAN interface configuration
mode.
To Next Page
Loading...
Need help?
General
