Configuration Guide NFPP Configuration
The following message is displayed when a DHCP DoS attack is detected on a port:
%NFPP_DHCP_GUARD-4-PORT_ATTACKED: DHCP DoS attack was detected on port Gi4/1. (2009-07-01 13:00:00)
The TRAP packet that is sent carries the following additional information:
DHCP DoS attack was detected on port Gi4/1.
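A triage sketch for the message shown above, added here as an example and not taken from the guide: it extracts the port and timestamp from each PORT_ATTACKED line and flags ports that alert repeatedly. The sample log, the function names and the 3-alerts-in-10-minutes policy are assumptions; only the message layout comes from the guide.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. The first line is the guide's own example; the rest are
# made up for illustration, including one message wrapped across two lines.
SAMPLE_LOG = """\
%NFPP_DHCP_GUARD-4-PORT_ATTACKED: DHCP DoS attack was detected on port Gi4/1. (2009-07-01 13:00:00)
unrelated line (constructed)
%NFPP_DHCP_GUARD-4-PORT_ATTACKED: DHCP DoS attack was
detected on port Gi4/1. (2009-07-01 13:03:10)
%NFPP_DHCP_GUARD-4-PORT_ATTACKED: DHCP DoS attack was detected on port Gi4/1. (2009-07-01 13:07:45)
%NFPP_DHCP_GUARD-4-PORT_ATTACKED: DHCP DoS attack was detected on port Gi4/3. (2009-07-01 13:08:00)
%NFPP_DHCP_GUARD-4-PORT_ATTACKED: DHCP DoS attack was detected on port Gi4/3. (2009-07-01 15:30:00)
"""

# Layout from the guide: mnemonic, fixed text, port name, timestamp in parentheses.
# \s+ tolerates a line break in the middle of the message.
PORT_ATTACKED = re.compile(
    r"%NFPP_DHCP_GUARD-\d-PORT_ATTACKED: DHCP DoS attack was\s+"
    r"detected on port (?P<port>\S+?)\.\s+"
    r"\((?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\)"
)

def parse_events(log_text):
    """Return (port, datetime) for every PORT_ATTACKED message, in order of appearance."""
    return [
        (m.group("port"), datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"))
        for m in PORT_ATTACKED.finditer(log_text)
    ]

def repeat_offenders(events, min_alerts=3, window=timedelta(minutes=10)):
    """Map port -> total alerts for ports with min_alerts inside one window (assumed policy)."""
    by_port = defaultdict(list)
    for port, ts in events:
        by_port[port].append(ts)
    flagged = {}
    for port, stamps in by_port.items():
        stamps.sort()
        # Slide over each run of min_alerts consecutive timestamps.
        for i in range(len(stamps) - min_alerts + 1):
            if stamps[i + min_alerts - 1] - stamps[i] <= window:
                flagged[port] = len(stamps)
                break
    return flagged

if __name__ == "__main__":
    print(repeat_offenders(parse_events(SAMPLE_LOG)))
```

A port that keeps appearing here is a candidate for a tighter per-interface policy than the global thresholds.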
This section shows how to configure the port-based rate-limit and attack detection, both in the nfpp configuration mode and in the interface configuration mode:

Ruijie# configure terminal
Enter the global configuration mode.

Enter the nfpp configuration mode.

Ruijie(config)# dhcp-guard rate-limit per-port pps
Configure the dhcp-guard rate-limit of the DHCP packet on the port, ranging from 1 to 9999, 150 by default.

Ruijie(config)# dhcp-guard attack-threshold per-port pps
Configure the dhcp-guard attack threshold, ranging from 1 to 9999, 300 by default. When the DHCP packet number on a port exceeds the attack threshold, the CLI prompts and the TRAP packets are sent.

Return to the privileged EXEC mode.

Ruijie# configure terminal
Enter the global configuration mode.

Ruijie(config)# interface interface-name
Enter the interface configuration mode.

Ruijie(config-if)# nfpp dhcp-guard policy per-port rate-limit-pps attack-threshold-pps
Configure the rate-limit and attack threshold on the specified interface.
rate-limit-pps: set the rate-limit threshold. The valid range is 1-9999 and by default, it adopts the global rate-limit threshold value.
attack-threshold-pps: set the attack threshold. The valid range is 1-9999 and by default, it adopts the global attack threshold value.

Return to the privileged EXEC mode.