Ruijie RG-S2900G-E Series

To Next Page

To Previous Page

Configuration Guide NFPP Configuration

address/VID/port-based. For each attack detection, you can configure the

rate-limit threshold and warning threshold. The DHCPv6 packet will be dropped

when the packet rate exceeds the rate-limit threshold. When the DHCPv6

packet rate exceeds the warning threshold, it will prompt the warning messages

and send the TRAP message. The host-based attack detection can isolate the

attack source.

DHCPv6-guard configuration commands include:

 Enabling dhcpv6-guard

 Configuring the isolated time

 Configuring the monitored time

 Configuring the monitored host limit

 Host-based rate-limit and attack detection

 Port-based rate-limit and attack detection

 Clearing monitored host

 Showing related dhcpv6-guard information

Enabling DHCPv6-guard

You can enable dhcpv6-guard in the nfpp configuration mode or in the interface

configuration mode. By default, the dhcpv6-guard is enabled.

Command

Function

Ruijie# configure terminal

Enter the global configuration mode.

Ruijie(config)# nfpp

Enter the nfpp configuration mode.

Ruijie(config-nfpp)# dhcpv6-guard enable

Enable the dhcpv6-guard. By default,

dhcpv6-guard is enabled.

Ruijie(config-nfpp)# end

Return to the privileged EXEC mode.

Ruijie# configure terminal

Enter the global configuration mode.

Ruijie# interface interface-name

Enter the interface configuration mode.

Ruijie(config-if)# nfpp dhcpv6-guard

enable

Enable the dhcpv6-guard on the

interface. By default, dhcpv6-guard is

not enabled on the interface.

Ruijie(config-if)# end

Return to the privileged EXEC mode.

Ruijie# show nfpp dhcpv6-guard

summary

Show the configurations.

Main Page

Ruijie RG-S2900G-E Series - Page 735

Table of Contents

Related product manuals