Ruijie RG-S2900G-E Series - Page 691

943 pages
Configuration Guide NFPP Configuration
This section shows the administrator how to configure host-based rate limiting
and attack detection in the nfpp configuration mode and in the interface
configuration mode:

Command:  Ruijie# configure terminal
Function: Enter the global configuration mode.

Command:  Ruijie(config)# nfpp
Function: Enter the nfpp configuration mode.

Command:  Ruijie(config-nfpp)# arp-guard rate-limit {per-src-ip | per-src-mac} pps
Function: Configure the arp-guard rate-limit, ranging from 1 to 9999, 4 by
          default.
          per-src-ip: detect the hosts based on the source IP address/VID/port;
          per-src-mac: detect the hosts based on the source MAC address/VID/port.

Command:  Ruijie(config-nfpp)# arp-guard attack-threshold {per-src-ip | per-src-mac} pps
Function: Configure the arp-guard attack threshold, ranging from 1 to 9999, 8
          by default. When the number of ARP packets sent from a host exceeds
          the attack threshold, the attack is detected and ARP-guard isolates
          the host, records the message and sends the TRAP packet.
          per-src-ip: detect the hosts based on the source IP address/VID/port;
          per-src-mac: detect the hosts based on the source MAC address/VID/port.

Command:  Ruijie(config-nfpp)# arp-guard scan-threshold pkt-cnt
Function: Configure the arp-guard scan threshold, counted over 10s, ranging
          from 1 to 9999, 15 by default. If 15 or more ARP packets have been
          received within 10s, and the link-layer source MAC address is fixed
          while the source IP address is changing, or the source MAC address
          and source IP address are fixed while the destination IP address is
          changing, an ARP scan is detected and recorded in the syslog and the
          TRAP messages are sent.

Command:  Ruijie(config-nfpp)# end
Function: Return to the privileged EXEC mode.
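
The following Python model is an added example, not code from Ruijie or from this guide. It applies the three thresholds described above to a list of ARP packets so the effect of each value can be checked before it is configured. The Arp record, the evaluate function, the fixed 1s and 10s buckets and the sample traffic are all assumptions made for illustration.

```python
from collections import defaultdict, namedtuple

# One observed ARP packet (constructed record, not a device log format).
Arp = namedtuple("Arp", "t port vid src_mac src_ip dst_ip")

def host_key(p, mode):
    # per-src-ip / per-src-mac: host = source address + VID + port.
    addr = p.src_ip if mode == "per-src-ip" else p.src_mac
    return (addr, p.vid, p.port)

def evaluate(packets, mode="per-src-mac", rate_limit=4,
             attack_threshold=8, scan_threshold=15):
    """Return (over_limit, attackers, scanners) for the given thresholds.

    Assumption: fixed 1 s buckets for pps and fixed 10 s buckets for the
    scan count; the page does not describe the switch's real windowing.
    """
    per_sec, per_10s = defaultdict(int), defaultdict(list)
    for p in packets:
        per_sec[(host_key(p, mode), int(p.t))] += 1
        per_10s[((p.src_mac, p.vid, p.port), int(p.t) // 10)].append(p)

    over_limit, attackers = defaultdict(int), set()
    for (host, _sec), n in per_sec.items():
        if n > rate_limit:            # packets above the configured rate limit
            over_limit[host] += n - rate_limit
        if n > attack_threshold:      # host would be isolated and logged
            attackers.add(host)

    scanners = set()
    for (host, _win), pkts in per_10s.items():
        if len(pkts) < scan_threshold:    # needs "15 or more" by default
            continue
        src_ips = {p.src_ip for p in pkts}
        dst_ips = {p.dst_ip for p in pkts}
        # Fixed MAC with changing source IP, or fixed MAC and IP with
        # changing destination IP.
        if len(src_ips) > 1 or len(dst_ips) > 1:
            scanners.add(host)
    return dict(over_limit), attackers, scanners

# Constructed sample traffic: host A sweeps 20 targets slowly, host B bursts.
SAMPLE = [Arp(i * 0.5, "Gi0/1", 1, "00:00:5e:00:53:0a", "192.0.2.10",
              f"192.0.2.{100 + i}") for i in range(20)]
SAMPLE += [Arp(20 + i * 0.05, "Gi0/2", 1, "00:00:5e:00:53:0b", "192.0.2.11",
               "192.0.2.1") for i in range(10)]

if __name__ == "__main__":
    print(evaluate(SAMPLE))
```

With the default values, host A stays under the rate limit at 2 pps yet is still reported as a scanner, while host B's burst exceeds both the rate limit and the attack threshold without counting as a scan.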
