Configuration Guide NFPP Configuration
Ruijie# configure terminal
    Enter the global configuration mode.

Ruijie(config)# interface interface-name
    Enter the interface configuration mode.

Ruijie(config-if)# nfpp arp-guard policy {per-src-ip | per-src-mac} rate-limit-pps attack-threshold-pps
    Configure the rate-limit and attack threshold on the specified interface.
    rate-limit-pps: sets the rate-limit threshold. The valid range is 1-9999; by default, the global rate-limit threshold value is used.
    attack-threshold-pps: sets the attack threshold. The valid range is 1-9999; by default, the global attack threshold value is used.
    per-src-ip: detects hosts based on the source IP/VID/port.
    per-src-mac: detects hosts based on the source MAC/VID/port on the link layer.

Ruijie(config-if)# nfpp arp-guard scan-threshold pkt-cnt
    Configure the arp-guard scan threshold value on each interface. The valid range is 1-9999, in 10s. By default, the global arp-guard scan threshold value is used.

Return to the privileged EXEC mode.

Ruijie# show nfpp arp-guard summary
    Show the arp-guard parameter settings.

Ruijie# copy running-config startup-config

Port-based rate-limit and attack detection
You can configure the arp-guard rate limit and attack threshold on the port. The
rate limit value must be less than the attack threshold value. When the ARP
packet rate on a port exceeds the limit, the ARP packets are dropped. When the
ARP packet rate on a port exceeds the attack threshold, a CLI prompt is issued
and TRAP packets are sent.
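
The following is an added example, not part of the Ruijie guide: a small Python model of how the rate limit and attack threshold classify ARP senders when hosts are identified by per-src-ip or per-src-mac. It assumes pps is counted in fixed one-second windows and that the same drop/alert behaviour described for ports applies per host; the function names, the port name and the sample addresses are constructed.

```python
from collections import Counter

def validate(rate_limit_pps, attack_threshold_pps):
    """Enforce the constraints stated in the guide: 1-9999, limit < attack."""
    for name, value in (("rate-limit-pps", rate_limit_pps),
                        ("attack-threshold-pps", attack_threshold_pps)):
        if not 1 <= value <= 9999:
            raise ValueError(f"{name} must be in 1-9999, got {value}")
    if rate_limit_pps >= attack_threshold_pps:
        raise ValueError("rate limit must be less than the attack threshold")

def host_key(pkt, policy):
    """Identify the sender the way each policy keyword does."""
    if policy == "per-src-ip":
        return (pkt["ip"], pkt["vid"], pkt["port"])
    if policy == "per-src-mac":
        return (pkt["mac"], pkt["vid"], pkt["port"])
    raise ValueError(f"unknown policy {policy!r}")

def classify(packets, policy, rate_limit_pps, attack_threshold_pps):
    """Return {host_key: {"forwarded": n, "dropped": n, "attack": bool}}.

    Assumption: packets are counted in fixed one-second windows.
    """
    validate(rate_limit_pps, attack_threshold_pps)
    per_window = Counter((host_key(p, policy), int(p["t"])) for p in packets)
    result = {}
    for (host, _second), count in per_window.items():
        entry = result.setdefault(
            host, {"forwarded": 0, "dropped": 0, "attack": False})
        entry["forwarded"] += min(count, rate_limit_pps)       # within limit
        entry["dropped"] += max(0, count - rate_limit_pps)     # excess dropped
        entry["attack"] |= count > attack_threshold_pps        # prompt + TRAP
    return result

def sample_packets():
    """Constructed ARP records: one quiet host and one noisy host on VLAN 10."""
    quiet = [{"t": 0.3 * i, "ip": "192.0.2.10", "mac": "00d0.f800.0001",
              "vid": 10, "port": "Gi0/1"} for i in range(3)]
    noisy = [{"t": 5 + i / 20, "ip": "192.0.2.20", "mac": "00d0.f800.0002",
              "vid": 10, "port": "Gi0/1"} for i in range(12)]
    return quiet + noisy

if __name__ == "__main__":
    for policy in ("per-src-ip", "per-src-mac"):
        for host, stats in classify(sample_packets(), policy, 4, 8).items():
            print(policy, host, stats)
```
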