Configuration Guide NFPP Configuration
Return to the privileged EXEC mode.
Ruijie(config-if)# show nfpp icmp-guard summary
Show the parameter settings.
Ruijie# copy running-config startup-config
Port-based rate-limit and attack detection
You can configure the icmp-guard rate limit and attack threshold on the port. The
rate limit value must be less than the attack threshold value. When the ICMP
packet rate on a port exceeds the rate limit, the ICMP packets are dropped. When
the ICMP packet rate on a port exceeds the attack threshold, a message is
displayed on the CLI and TRAP packets are sent.
The following message is displayed when an ICMP DoS attack is detected on a
port:
%NFPP_ICMP_GUARD-4-PORT_ATTACKED: ICMP DoS attack was detected on port Gi4/1. (2009-07-01 13:00:00)
The sent TRAP packet carries the following additional information:
ICMP DoS attack was detected on port Gi4/1.
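Added example (not part of the Ruijie guide): Python that a log collector could use to pull the PORT_ATTACKED message shown above out of collected syslog text and flag ports that alert repeatedly. The function names and the "3 alerts within 10 minutes" triage policy are assumptions, and every sample line other than the guide's own message is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Message layout taken from the guide; \s+ tolerates the line wrap seen in the PDF.
PORT_ATTACKED = re.compile(
    r"%NFPP_ICMP_GUARD-(?P<sev>\d)-PORT_ATTACKED:\s+ICMP DoS attack was detected\s+"
    r"on port (?P<port>\S+?)\.\s+\((?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\)"
)

def parse_alerts(text):
    """Return (port, datetime) for every PORT_ATTACKED message in text, in order."""
    return [
        (m["port"], datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"))
        for m in PORT_ATTACKED.finditer(text)
    ]

def repeated_ports(alerts, min_alerts=3, window=timedelta(minutes=10)):
    """Map port -> (burst start, last alert, total alerts) for ports that raise
    at least min_alerts alerts inside one window (assumed triage policy)."""
    by_port = defaultdict(list)
    for port, ts in alerts:
        by_port[port].append(ts)
    flagged = {}
    for port, stamps in by_port.items():
        stamps.sort()
        for i in range(len(stamps) - min_alerts + 1):
            if stamps[i + min_alerts - 1] - stamps[i] <= window:
                flagged[port] = (stamps[i], stamps[-1], len(stamps))
                break
    return flagged

# Constructed sample log: the first entry is the guide's message (wrapped as
# printed); all other lines are made up in the same layout.
SAMPLE_LOG = """\
%NFPP_ICMP_GUARD-4-PORT_ATTACKED: ICMP DoS attack was detected
on port Gi4/1. (2009-07-01 13:00:00)
%NFPP_ICMP_GUARD-4-PORT_ATTACKED: ICMP DoS attack was detected on port Gi4/1. (2009-07-01 13:02:30)
%OTHER-6-EXAMPLE: unrelated constructed line
%NFPP_ICMP_GUARD-4-PORT_ATTACKED: ICMP DoS attack was detected on port Gi4/2. (2009-07-01 13:03:00)
%NFPP_ICMP_GUARD-4-PORT_ATTACKED: ICMP DoS attack was detected on port Gi4/1. (2009-07-01 13:08:10)
"""

if __name__ == "__main__":
    for port, (first, last, n) in repeated_ports(parse_alerts(SAMPLE_LOG)).items():
        print(f"{port}: {n} alerts, burst from {first}, last alert {last}")
```

Because the alert fires only above the attack threshold while dropping starts at the lower rate limit, a port that appears here has already been losing ICMP traffic for some time.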
This section shows the administrator how to configure the port-based rate-limit
and attack detection in the nfpp configuration mode and in the interface
configuration mode:
Ruijie# configure terminal
Enter the global configuration mode.
Enter the nfpp configuration mode.
Ruijie(config)# icmp-guard rate-limit per-port pps
Configure the icmp-guard rate limit for ICMP packets on the port, ranging from 1 to 9999.
Ruijie(config)# icmp-guard attack-threshold per-port pps
Configure the icmp-guard attack threshold, ranging from 1 to 9999. The default value is the port-based rate limit. When the ICMP packet number on a port exceeds the attack threshold, a message is displayed on the CLI and TRAP packets are sent.