Configuration Guide NFPP Configuration
Host-based rate-limit and attack detection
Host-based attack detection identifies a host by its source MAC address, VLAN ID
(VID) and port. For each attack detection, you can configure a rate-limit threshold
and an attack threshold (also called the warning threshold). DHCPv6 packets are
dropped when the packet rate exceeds the rate-limit threshold. When the DHCPv6
packet rate exceeds the warning threshold, the device displays a warning message
and sends a TRAP message.
The following message is displayed when a DHCPv6 DoS attack is detected:
%NFPP_DHCPV6_GUARD-4-DOS_DETECTED:Host<IP=N/A,MAC=0000.0000.0001,port=Gi4/1,VLAN=1> was detected. (2009-07-01 13:00:00)
The TRAP message that is sent carries the following description:
DHCPV6 DoS attack from host<IP=N/A,MAC=0000.0000.0001,port=Gi4/1,VLAN=1> was detected.
If the administrator has not set the isolation time to 0 and hardware isolation
succeeds, the following message is displayed:
%NFPP_DHCPV6_GUARD-4-ISOLATED:Host <IP= N/A,MAC=0000.0000.0001,port=Gi4/1,VLAN=1> was isolated. (2009-07-01 13:00:00)
The TRAP message that is sent carries the following description:
Host<IP=N/A,MAC=0000.0000.0001,port=Gi4/1,VLAN=1> was isolated.
When hardware isolation fails because of a lack of memory or hardware resources,
the following message is displayed:
%NFPP_DHCPV6_GUARD-4-ISOLATE_FAILED: Failed to isolate host <IP=N/A,MAC=0000.0000.0001,port=Gi4/1,VLAN=1>. (2009-07-01 13:00:00)
The TRAP message that is sent carries the following description:
Failed to isolate host<IP=N/A,MAC=0000.0000.0001,port=Gi4/1,VLAN=1>.
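The following Python code is an added example, not part of the original guide or of any vendor tooling. It parses the three syslog formats shown above and lists the hosts, keyed by source MAC, port and VLAN, whose most recent event is not a successful isolation. The sample log lines are constructed from those formats, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample lines modelled on the three message formats in this section.
SAMPLE_LOG = """\
%NFPP_DHCPV6_GUARD-4-DOS_DETECTED:Host<IP=N/A,MAC=0000.0000.0001,port=Gi4/1,VLAN=1> was detected. (2009-07-01 13:00:00)
%NFPP_DHCPV6_GUARD-4-ISOLATED:Host <IP= N/A,MAC=0000.0000.0001,port=Gi4/1,VLAN=1> was isolated. (2009-07-01 13:00:00)
%NFPP_DHCPV6_GUARD-4-DOS_DETECTED:Host<IP=N/A,MAC=0000.0000.0002,port=Gi4/2,VLAN=1> was detected. (2009-07-01 13:00:05)
%NFPP_DHCPV6_GUARD-4-ISOLATE_FAILED: Failed to isolate host <IP=N/A,MAC=0000.0000.0002,port=Gi4/2,VLAN=1>. (2009-07-01 13:00:05)
"""

# Facility, severity digit, event mnemonic, the <...> host tuple, and the timestamp.
EVENT_RE = re.compile(
    r"%NFPP_DHCPV6_GUARD-(?P<sev>\d)-\s*"
    r"(?P<event>DOS_DETECTED|ISOLATED|ISOLATE_FAILED):"
    r".*?<(?P<fields>[^>]*)>.*?\((?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\)"
)

def parse_line(line):
    """Return a dict for one NFPP DHCPv6 guard message, or None if it is not one."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    fields = {}
    for pair in m["fields"].split(","):
        key, _, value = pair.partition("=")
        fields[key.strip().lower()] = value.strip()  # tolerate "IP= N/A"
    return {
        "event": m["event"],
        "severity": int(m["sev"]),
        "ip": fields.get("ip"),
        "mac": fields.get("mac"),
        "port": fields.get("port"),
        "vlan": fields.get("vlan"),
        "time": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
    }

def unisolated_hosts(log_text):
    """Hosts reported as attacking whose latest event is not ISOLATED."""
    last_event = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev:
            last_event[(ev["mac"], ev["port"], ev["vlan"])] = ev["event"]
    return sorted(host for host, event in last_event.items() if event != "ISOLATED")
```

Hosts returned by unisolated_hosts are the ones to follow up manually, since a detection with no isolation or an ISOLATE_FAILED event leaves the host identified but not isolated in hardware.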