Configuration Guide NFPP Configuration
This section shows the administrator how to configure the host-based rate-limit
and attack detection in the nfpp configuration mode and in the interface
configuration mode:
Ruijie# configure terminal
Enter the global configuration mode.
Enter the nfpp configuration mode.
Ruijie(config-nfpp)# icmp-guard rate-limit
per-src-ip pps
Configure the icmp-guard rate-limit,
ranging from 1 to 9999, the default
value is the half of the port-based
global rate-limit.
per-src-ip: detect the hosts based on
the source IP address/VID/port;
Ruijie(config)# icmp-guard
attack-threshold per-src-ip pps
Configure the icmp-guard attack
threshold, ranging from 1 to 9999, and
the default value is the source IP
address-based rate limit. When the
ICMP packet number sent from a host
exceeds the attack threshold, the
attack is detected and ICMP-guard
isolates the host, records the message
and sends the TRAP packet.
per-src-ip: detect the hosts based on
the source IP address/VID/port;
Return to the privileged EXEC mode.
Ruijie# configure terminal
Enter the global configuration mode.
Ruijie(config)# interface interface-name
Enter the interface configuration mode.
Ruijie(config-if)#nfpp icmp-guard policy
per-src-ip rate-limit-pps attack-threshold-
pps
Configure the rate-limit and attack
threshold on the specified interface.
rate-limit-pps: set the rate-limit
threshold. The valid range is 1-9999
and by default, it adopts the global
rate-limit threshold value.
attack-threshold-pps: set the attack
threshold. The valid range is 1-9999
and by default, it adopts the global
attack threshold value.
per-src-ip: to detect the hosts based
on the source IP/VID/port;
To Next Page
Loading...
