Configuration Guide NFPP Configuration
It prompts the following message when the ARP DoS attack was detected on a
port:
%NFPP_ARP_GUARD-4-PORT_ATTACKED: ARP DoS attack was detected on port Gi4/1.
(2009-07-01 13:00:00)
The following is additional information of the sent TRAP packet :
ARP DoS attack was detected on port Gi4/1.
This section shows the administrator how to configure the port-based rate-limit
and attack detection in the nfpp configuration mode and in the interface
configuration mode:
Ruijie# configure terminal
Enter the global configuration mode.
Enter the nfpp configuration mode.
Ruijie(config-nfpp)# arp-guard rate-limit
per-port pps
Configure the arp-guard rate-limit of the
ARP packet on the port, ranging from 1
to 9999, 100 by default.
Ruijie(config-nfpp)# arp-guard
attack-threshold per-port pps
Configure the arp-guard attack
threshold, ranging from 1 to 9999, 200
by default. When the ARP packet
number on a port exceeds the attack
threshold, the CLI prompts and the
TRAP packets are sent.
Return to the privileged EXEC mode.
Ruijie# configure terminal
Enter the global configuration mode.
Ruijie(config)# interface interface-name
Enter the interface configuration mode.
Ruijie(config-if)#nfpp arp-guard policy
per-port rate-limit-pps attack-threshold-pps
Configure the rate-limit and attack
threshold on the specified interface.
rate-limit-pps: set the rate-limit
threshold. The valid range is 1-9999
and by default, it adopts the global
rate-limit threshold value.
attack-threshold-pps: set the attack
threshold. The valid range is
1-9999 and by default, it adopts the
global attack threshold value.
Return to the privileged EXEC mode.
To Next Page
Loading...
