Ruijie RG-S2900G-E Series

To Next Page

To Previous Page

Configuration Guide NFPP Configuration

Command

Function

Ruijie(config)# cpu-protect

sub-interface

{manage|protocol|route}

percent percent_vaule

Configure the packet percent.

percent_value: ranging from 1 to 100, in integer.

For example:

Ruijie(config)# cpu-protect sub-interface manage percent 60

Ruijie(config)# end

Caution

The valid percent value of one packet must be less than 100%

minus the percent value of other two types of packets

Anti-attack Protocols

 ARP-guard

 IP-guard

 ICMP-guard

 DHCP-guard

 DHCPv6-guard

 ND-guard

 NFPP syslog

ARP-guard

ARP-guard Overview

The IP address is translated into the MAC address by ARP protocol in the local

area network(LAN). ARP protocol plays an important role in the network security.

ARP DoS attack sends a large amount of illegal ARP packets to the gateway,

preventing the gateway from providing the services. To deal with this attack, on

one hand, you can configure the rate-limit of the ARP packet, on the other hand,

you can detect and isolate the attack source.

The ARP attack detection could be host-based or port-based. Host-based ARP

attack detection could be classified into the following two types again: source IP

address/VID/port-based and source MAC address/VID/port-based. For each

attack detection, you can configure the rate-limit threshold and warning

threshold. The ARP packet will be dropped when the packet rate exceeds the

Ruijie RG-S2900G-E Series - Page 684