Configuration Guide NFPP Configuration
1 Gi0/1 1.1.1.1 ATTACK 110
2 Gi0/2 1.1.2.1 SCAN 61
Total:2 hosts
Ruijie# show nfpp ip-guard hosts vlan 1 interface G 0/1 1.1.1.1
If column 1 shows '*', it means "hardware do not isolate user".
VLAN interface IP address MAC address remain-time(s)
---- -------- --------- ----------- -------------
1 Gi0/1 1.1.1.1 ATTACK 110
Total:1 host
If the MAC address columm shows “-”, it means “the host is identified by
the source IP address”;
If the IP address columm shows “-”, it means “the host is identified by the
source MAC address”.
Showing the trusted host configuration
Ruijie# show nfpp ip-guard trusted-host
For example,
Ruijie#show nfpp ip-guard trusted-host
IP address mask
--------- ------
1.1.1.0 255.255.255.0
1.1.2.0 255.255.255.0
Total:2 record(s)
ICMP-guard
ICMP-guard Overview
The ICMP attack detection could be host-based or port-based. Host-based
ICMP protocol is used to diagnose the network trouble. Its basic principle is that
the host sends an ICMP echo request packet, and the router/switch sends an
ICMP echo reply packet upon receiving the ICMP echo request packet. The
“ICMP flood” attack is that the attacker sends a large amount of the ICMP echo
request packets to the destination device, resulting in the consumption of the
CPU resources and the erroe of the device working. The workaround for the
To Next Page
Loading...
