To restore the monitored host limit to the default value, use the no dhcp-guard
monitored-host-limit command in the nfpp configuration mode.
If the number of monitored hosts has already reached the default of 1000 and the administrator sets the monitored host limit to a value smaller than 1000, the existing monitored hosts are not deleted. Instead the message “%ERROR: The value that you configured is smaller than current monitored hosts 1000,please clear a part of monitored hosts.” is printed to tell the administrator that the configuration is invalid and that some of the monitored hosts must be cleared first.
The message “%NFPP_DHCP_GUARD-4-SESSION_LIMIT: Attempt to exceed limit of 1000 monitored hosts.” is printed when the monitored host table is full.
Host-based rate-limit and attack detection
Host-based attack detection identifies the attacking host by its source MAC address, VLAN ID and port. For each attack detection you can configure a rate-limit threshold and an attack threshold (also called the warning threshold). DHCP packets are dropped when the packet rate exceeds the rate-limit threshold. When the DHCP packet rate exceeds the warning threshold, a warning message is printed and a TRAP message is sent.
The following message is printed when a DHCP DoS attack is detected:
%NFPP_DHCP_GUARD-4-DOS_DETECTED:Host<IP=N/A,MAC=0000.0000.0001,port=Gi4/1,VLAN=1> was detected. (2009-07-01 13:00:00)
The following example shows the description text carried in the TRAP message:
DHCP DoS attack from host<IP= N/A,MAC=0000.0000.0001,port=Gi4/1,VLAN=1> was detected.
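A log collector on the SIEM side has to turn the messages shown above into structured events before it can alert on them. The following parser is an added example written for this page, not code from the switch vendor; it recognises the DOS_DETECTED syslog line, the TRAP description text and the SESSION_LIMIT line in the formats quoted in this section, and the sample log lines are constructed from those formats.

```python
import re

# Host attribute block shared by the syslog and TRAP texts in the manual,
# e.g. Host<IP=N/A,MAC=0000.0000.0001,port=Gi4/1,VLAN=1>
HOST_RE = re.compile(
    r"[Hh]ost<IP=\s*(?P<ip>[^,>]+),MAC=(?P<mac>[0-9a-fA-F.]+),"
    r"port=(?P<port>[^,>]+),VLAN=(?P<vlan>\d+)>"
)
TS = r"(?:\s*\((?P<ts>[^)]+)\))?"  # optional "(2009-07-01 13:00:00)" suffix
# Syslog form; "\s*" after "4-" tolerates a stray space seen in some renderings of the manual.
DOS_RE = re.compile(r"%NFPP_DHCP_GUARD-4-\s*DOS_DETECTED:\s*(?P<host>[Hh]ost<[^>]*>) was detected\." + TS)
TRAP_RE = re.compile(r"DHCP DoS attack from (?P<host>[Hh]ost<[^>]*>) was detected\." + TS)
LIMIT_RE = re.compile(r"%NFPP_DHCP_GUARD-4-SESSION_LIMIT: Attempt to exceed limit of (?P<limit>\d+) monitored hosts\.")

def parse_line(line):
    """Return a dict for one NFPP DHCP guard message, or None if the line is unrelated."""
    m = DOS_RE.search(line) or TRAP_RE.search(line)
    if m:
        h = HOST_RE.search(m.group("host"))
        if h is None:          # attribute block does not follow the documented layout
            return None
        return {"kind": "dos_detected", "mac": h.group("mac").lower(),
                "port": h.group("port").strip(), "vlan": int(h.group("vlan")),
                "timestamp": m.group("ts")}
    m = LIMIT_RE.search(line)
    if m:                      # table is full: further attacking hosts are no longer tracked
        return {"kind": "session_limit", "limit": int(m.group("limit"))}
    return None

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e is not None]

def count_by_host(events):
    """DoS detections per (MAC, port, VLAN), so repeat offenders stand out."""
    counts = {}
    for e in events:
        if e["kind"] == "dos_detected":
            key = (e["mac"], e["port"], e["vlan"])
            counts[key] = counts.get(key, 0) + 1
    return counts

# Constructed sample lines in the formats shown in the manual (not a real capture).
SAMPLE_LOG = """\
%NFPP_DHCP_GUARD-4-DOS_DETECTED:Host<IP=N/A,MAC=0000.0000.0001,port=Gi4/1,VLAN=1> was detected. (2009-07-01 13:00:00)
DHCP DoS attack from host<IP= N/A,MAC=0000.0000.0001,port=Gi4/1,VLAN=1> was detected.
%NFPP_DHCP_GUARD-4-SESSION_LIMIT: Attempt to exceed limit of 1000 monitored hosts.
%SYS-5-CONFIG_I: Configured from console
"""
```

A session_limit event deserves its own alert: once the table is full, new attacking hosts are not monitored, so the absence of further DOS_DETECTED lines is not evidence that the attack stopped.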
If the isolated time is not set as 0 by the administrator, when the hardware
isolation succeeds, it prompts: