Configuration Guide NFPP Configuration
For example,
Ruijie#show nfpp dhcp-guard hosts statistics
success fail total
------- ---- -----
100 20 120
Ruijie# show nfpp dhcp-guard hosts
If column 1 shows '*', it means "hardware do not isolate user" .
VLAN interface MAC address remain-time(s)
---- -------- ----------- -------------
*1 Gi0/1 0000.0000.0001 110
2 Gi0/2 0000.0000.2222 61
Total:2 host(s)
Ruijie# show nfpp dhcp-guard hosts vlan 1 interface g 0/1 0000.0000.0001
If column 1 shows '*', it means "hardware failed to isolate host".
VLAN interface MAC address remain-time(s)
---- -------- ----------- -------------
*1 Gi0/1 0000.0000.0001 110
Total:1 host(s)
DHCPv6-guard
DHCPv6-guard Overview
The DHCPv6 protocol is widely used to dynamically allocate the IPv6 address in
the LAN, and plays an important role in the network security. Being similar to the
DHCP attack, the DHCPv6 attack occurs in the way of broadcasting the
DHCPv6 request packets through faking the MAC address. If there are too
many DHCPv6 request packets, the attacker may use up the addresses
provided in the DHCPv6 server. To this end, a legal host fails to request for an
IPv6 address and access to the network. The workaround for the DHCPv6
attack: one one hand, you may configure the DHCPv6 packet rate-limit; on the
other hand, you may detect and isolate the attack source.
The DHCPv6 attack detection could be host-based or port-based. Host-based
ARP attack detection adopts the combination of source IP
To Next Page
Loading...
Need help?
General