Configuration Guide NFPP Configuration
Ruijie(config)# ip-guard scan-threshold pkt-cnt
    Configure the ip-guard scan threshold, in 10s, ranging from 1 to 9999, 100 by default.

Return to the privileged EXEC mode.

Ruijie# configure terminal
    Enter the global configuration mode.

Ruijie(config)# interface interface-name
    Enter the interface configuration mode.

Ruijie(config-if)# nfpp ip-guard policy per-src-ip rate-limit-pps attack-threshold-pps
    Configure the rate-limit and attack threshold on the specified interface.
    rate-limit-pps: set the rate-limit threshold. The valid range is 1-9999 and by default, it adopts the global rate-limit threshold value.
    attack-threshold-pps: set the attack threshold. The valid range is 1-9999 and by default, it adopts the global attack threshold value.
    per-src-ip: to detect the hosts based on the source IP/VID/port;

Ruijie(config-if)# nfpp ip-guard scan-threshold pkt-cnt
    Configure the ip-guard scan threshold value on each interface, the valid range is 1-9999, in 10s. By default, it adopts the global arp-guard scan threshold value.

Return to the privileged EXEC mode.

Ruijie(config-if)# show nfpp ip-guard summary
    Show the parameter settings.

Ruijie# copy running-config startup-config

Port-based rate-limit and attack detection
You can configure the ip-guard rate limit and attack threshold on the port. The
rate limit value must be less than the attack threshold value. When the IP
packet rate on a port exceeds the rate limit, the IP packets are dropped. When
the IP packet rate on a port exceeds the attack threshold, a prompt is shown on
the CLI and TRAP packets are sent.
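
The following Python sketch is an added example, not Ruijie code or part of the original guide. It checks a planned port policy against the constraints stated above (range 1-9999, rate limit below attack threshold) and replays per-second packet counts through a simplified model to show which seconds would see drops and which would raise an attack alert. The class and function names, the sample counts, and the assumption that only packets in excess of the rate limit are dropped are all hypothetical.

```python
from dataclasses import dataclass

MIN_PPS, MAX_PPS = 1, 9999  # valid range given in the guide


@dataclass(frozen=True)
class PortPolicy:
    rate_limit_pps: int
    attack_threshold_pps: int

    def __post_init__(self):
        for name in ("rate_limit_pps", "attack_threshold_pps"):
            value = getattr(self, name)
            if not MIN_PPS <= value <= MAX_PPS:
                raise ValueError(f"{name}={value} outside {MIN_PPS}-{MAX_PPS}")
        # The guide requires the rate limit to be below the attack threshold.
        if self.rate_limit_pps >= self.attack_threshold_pps:
            raise ValueError("rate limit must be less than attack threshold")


def evaluate(policy, pps_samples):
    """Return one (forwarded, dropped, attack_alert) tuple per one-second sample."""
    results = []
    for pps in pps_samples:
        # Assumption: traffic up to the rate limit passes, the excess is dropped.
        forwarded = min(pps, policy.rate_limit_pps)
        dropped = pps - forwarded
        # Alert (CLI prompt and TRAP in the guide) only above the attack threshold.
        alert = pps > policy.attack_threshold_pps
        results.append((forwarded, dropped, alert))
    return results


def summarize(policy, pps_samples):
    """Aggregate the per-second results for a quick threshold sanity check."""
    rows = evaluate(policy, pps_samples)
    return {
        "seconds_with_drops": sum(1 for _, d, _ in rows if d > 0),
        "packets_dropped": sum(d for _, d, _ in rows),
        "attack_alerts": sum(1 for *_, a in rows if a),
    }


# Constructed per-second IP packet counts for one port (not real capture data).
SAMPLE_PPS = [40, 95, 100, 180, 650, 900, 120]

if __name__ == "__main__":
    policy = PortPolicy(rate_limit_pps=100, attack_threshold_pps=600)
    print(summarize(policy, SAMPLE_PPS))
```

Replaying a baseline of normal traffic through such a model before applying thresholds helps confirm that legitimate peaks stay under the rate limit, so that drops and alerts indicate abnormal traffic.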