Configuration Guide NFPP Configuration
Ruijie(config)# dhcp-guard attack-threshold per-src-mac pps
Configure the dhcp-guard attack threshold, ranging from 1 to 9999, 10 by default. When the rate of DHCP packets sent from a host exceeds the attack threshold, the attack is detected and DHCP-guard isolates the host, records the message and sends the TRAP packet.
per-src-mac: detect the hosts based on the source MAC address/VID/port.
Return to the privileged EXEC mode.
Ruijie# configure terminal
Enter the global configuration mode.
Ruijie(config)# interface interface-name
Enter the interface configuration mode.
Ruijie(config-if)# nfpp dhcp-guard policy per-src-mac rate-limit-pps attack-threshold-pps
Configure the rate-limit and attack threshold on the specified interface.
rate-limit-pps: set the rate-limit threshold. The valid range is 1-9999; by default, the global rate-limit threshold value is used.
attack-threshold-pps: set the attack threshold. The valid range is 1-9999; by default, the global attack threshold value is used.
per-src-mac: detect the hosts based on the source MAC/VID/port.
Return to the privileged EXEC mode.
Ruijie(config-if)# show nfpp dhcp-guard summary
Show the parameter settings.
Ruijie# copy running-config startup-config
Port-based rate-limit and attack detection
You can configure the dhcp-guard rate limit and attack threshold on the port. The rate limit value must be less than the attack threshold value. When the DHCP packet rate on a port exceeds the rate limit, the DHCP packets are dropped. When the DHCP packet rate on a port exceeds the attack threshold, a prompt is displayed on the CLI and TRAP packets are sent.
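The two port thresholds described above, as an added example that is not part of the Ruijie guide: a simplified Python model that validates a rate-limit/attack-threshold pair and replays measured per-second DHCP packet counts against it, which helps when sizing thresholds before deployment. The one-second measurement buckets, the assumption that only packets above the rate limit are dropped, and the names `PortPolicy`, `evaluate`, `summarize` and `SAMPLE_PPS` are illustrative assumptions.

```python
from dataclasses import dataclass

PPS_MIN, PPS_MAX = 1, 9999  # valid range stated in the guide


@dataclass(frozen=True)
class PortPolicy:
    rate_limit_pps: int
    attack_threshold_pps: int

    def __post_init__(self):
        for name in ("rate_limit_pps", "attack_threshold_pps"):
            value = getattr(self, name)
            if not PPS_MIN <= value <= PPS_MAX:
                raise ValueError(f"{name}={value} outside {PPS_MIN}-{PPS_MAX}")
        # The guide requires the rate limit to be below the attack threshold.
        if self.rate_limit_pps >= self.attack_threshold_pps:
            raise ValueError("rate limit must be less than attack threshold")


def evaluate(policy, pps_samples):
    """Return (forwarded, dropped, alarm) for each one-second sample.

    Assumption: one-second buckets; only packets above the limit are dropped.
    """
    results = []
    for pps in pps_samples:
        forwarded = min(pps, policy.rate_limit_pps)
        dropped = pps - forwarded
        alarm = pps > policy.attack_threshold_pps  # CLI prompt + TRAP
        results.append((forwarded, dropped, alarm))
    return results


def summarize(policy, pps_samples):
    """Count seconds with drops, seconds with an alarm, and dropped packets."""
    rows = evaluate(policy, pps_samples)
    return {
        "seconds_with_drops": sum(1 for _, d, _ in rows if d > 0),
        "seconds_with_alarm": sum(1 for _, _, a in rows if a),
        "packets_dropped": sum(d for _, d, _ in rows),
    }


# Constructed sample: DHCP packets per second observed on one port.
SAMPLE_PPS = [3, 8, 40, 150, 151, 400, 5]

if __name__ == "__main__":
    print(summarize(PortPolicy(50, 150), SAMPLE_PPS))
```

A sample between the two thresholds produces drops without an alarm, which is the window where legitimate DHCP bursts are lost silently if the rate limit is set too low.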