Ruijie RG-S2900G-E Series - Page 704

943 pages
Configuration Guide NFPP Configuration
The following message is displayed when an IP scan is detected:
%NFPP_IP_GUARD-4-SCAN: Host<IP=1.1.1.1, MAC= N/A,port=Gi4/1,VLAN=1> was detected. (2009-07-01 13:00:00)
The following example shows the description included in the TRAP message that is sent:
IP scan from host< IP=1.1.1.1, MAC= N/A,port=Gi4/1,VLAN=1> was detected.
Caution
Isolating an attacker sets a policy in the hardware. When the hardware resources have been exhausted, a message is displayed to inform the administrator.
When memory cannot be allocated for a detected attacker, a message like
%NFPP_IP_GUARD-4-NO_MEMORY: Failed to alloc memory.
is displayed to inform the administrator.
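For log collection, the two syslog messages above can be turned into structured events. The following Python is an added example, not code from the Ruijie manual; the function names and the third sample line are assumptions made for illustration.

```python
import re
from datetime import datetime

# Patterns follow the two message formats shown on this page.
HEADER = re.compile(r"%NFPP_IP_GUARD-(?P<sev>\d)-(?P<mnemonic>[A-Z_]+):\s*(?P<body>.*)")
HOST = re.compile(r"Host\s*<(?P<fields>[^>]*)>")
STAMP = re.compile(r"\((\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\)\s*$")

def parse_ip_guard(line):
    """Return a dict for an NFPP_IP_GUARD syslog line, or None for unrelated lines."""
    m = HEADER.search(line)
    if not m:
        return None
    event = {"severity": int(m["sev"]), "mnemonic": m["mnemonic"]}
    host = HOST.search(m["body"])
    if host:
        # Fields are comma-separated key=value pairs with irregular spacing ("MAC= N/A").
        for pair in host["fields"].split(","):
            key, _, value = pair.partition("=")
            value = value.strip()
            event[key.strip().lower()] = None if value == "N/A" else value
    stamp = STAMP.search(m["body"])
    if stamp:
        event["time"] = datetime.strptime(stamp.group(1), "%Y-%m-%d %H:%M:%S")
    return event

def triage(lines):
    """Split events into detected scanners and memory-allocation failures."""
    scanners, failures = [], []
    for line in lines:
        event = parse_ip_guard(line)
        if event is None:
            continue
        if event["mnemonic"] == "SCAN":
            scanners.append(event)
        elif event["mnemonic"] == "NO_MEMORY":
            failures.append(event)  # a detected attacker could not be recorded
    return scanners, failures

# Constructed sample input: the two messages from this page plus an unrelated line.
SAMPLE = [
    "%NFPP_IP_GUARD-4-SCAN: Host<IP=1.1.1.1, MAC= N/A,port=Gi4/1,VLAN=1> was detected. (2009-07-01 13:00:00)",
    "%NFPP_IP_GUARD-4-NO_MEMORY: Failed to alloc memory.",
    "%EXAMPLE-6-OTHER: unrelated constructed line",
]

if __name__ == "__main__":
    scanners, failures = triage(SAMPLE)
    print([(e["ip"], e["port"], e["vlan"]) for e in scanners], len(failures))
```

A NO_MEMORY event is worth alerting on separately from SCAN, because it reports that the switch failed to allocate memory for a detected attacker.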
This section shows the administrator how to configure the host-based rate limit and attack detection in the nfpp configuration mode and in the interface configuration mode:
| Command | Function |
| --- | --- |
| Ruijie# configure terminal | Enter the global configuration mode. |
| Ruijie(config)# nfpp | Enter the nfpp configuration mode. |
| Ruijie(config-nfpp)# ip-guard rate-limit per-src-ip pps | Configure the ip-guard rate limit, ranging from 1 to 9999, 20 by default. per-src-ip: detect the hosts based on the source IP address/VID/port. |
| Ruijie(config-nfpp)# ip-guard attack-threshold per-src-ip pps | Configure the ip-guard attack threshold, ranging from 1 to 9999, 20 by default. When the number of IP packets sent from a host exceeds the attack threshold, the attack is detected and IP-guard isolates the host, records the message and sends the TRAP packet. per-src-ip: detect the hosts based on the source IP address/VID/port. |
