Configuration Guide NFPP Configuration
This section shows the administrator how to configure the host-based rate-limit
and attack detection in the nfpp configuration mode and in the interface
configuration mode:
Ruijie# configure terminal
Enter the global configuration mode.
Enter the nfpp configuration mode.
Ruijie(config-nfpp)#
dhcpv6-guard rate-limit
per-src-mac pps
Configure the dhcpv6-guard rate-limit, ranging
from 1 to 9999, 5 by default.
per-src-mac: detect the hosts based on the
source MAC address/VID/port;
Ruijie(config)# dhcpv6-guard
attack-threshold per-src-mac
pps
Configure the dhcpv6-guard attack threshold,
ranging from 1 to 9999, 10 by default. When the
DHCPv6 packet number sent from a host
exceeds the attack threshold, the attack is
detected and DHCPv6-guard isolates the host,
records the message and sends the TRAP
packet.
per-src-mac: detect the hosts based on the
source MAC address/VID/port;
Return to the privileged EXEC mode.
Ruijie# configure terminal
Enter the global configuration mode.
Ruijie(config)# interface
interface-name
Enter the interface configuration mode.
Ruijie(config-if)#nfpp dhcpv6-
guard policy per-src-mac rat
e-limit-pps attack-threshold-pps
Configure the rate-limit and attack threshold on
the specified interface.
rate-limit-pps: set the rate-limit threshold. The
valid range is 1-9999 and by default, it adopts the
global rate-limit threshold value.
attack-threshold-pps: set the attack threshold.
The valid range is 1-9999 and by default, it
adopts the global attack threshold value.
per-src-mac: to detect the hosts based on the
source MAC/VID/port;
Return to the privileged EXEC mode.
Ruijie(config-if)# show nfpp
dhcpv6-guard summary
Show the parameter settings.
To Next Page
Loading...
