Configuration Guide NFPP Configuration
It prompts the following message when the IP DoS attack was detected on a
port:
%NFPP_IP_GUARD-4-PORT_ATTACKED: IP DoS attack was detected on port
Gi4/1. (2009-07-01 13:00:00)
The following is additional information of the sent TRAP packet :
IP DoS attack was detected on port Gi4/1.
This section shows the administrator how to configure the port-based rate-limit
and attack detection in the nfpp configuration mode and in the interface
configuration mode:
Ruijie# configure terminal
Enter the global configuration mode.
Enter the nfpp configuration mode.
Ruijie(config)# ip-guard rate-limit per-port
pps
Configure the ip-guard rate-limit of the
IP packet on the port, ranging from 1 to
9999, 100 by default.
Ruijie(config)# ip-guard attack-threshold
per-port pps
Configure the ip-guard attack
threshold, ranging from 1 to 9999, 200
by default. When the IP packet number
on a port exceeds the attack threshold,
the CLI prompts and the TRAP packets
are sent.
Return to the privileged EXEC mode.
Ruijie# configure terminal
Enter the global configuration mode.
Ruijie(config)# interface interface-name
Enter the interface configuration mode.
Ruijie(config-if)#nfpp ip-guard policy
per-port rate-limit-pps attack-threshold-pps
Configure the rate-limit and attack
threshold on the specified interface.
rate-limit-pps: set the rate-limit
threshold. The valid range is 1-9999
and by default, it adopts the global
rate-limit threshold value.
attack-threshold-pps: set the attack
threshold. The valid range is 1-9999
and by default, it adopts the global
attack threshold value.
Return to the privileged EXEC mode.
To Next Page
Loading...
