Configuration Guide NFPP Configuration
Ruijie# copy running-config startup-config
Port-based rate-limit and attack detection
You can configure the dhcpv6-guard rate limit and attack threshold on a port.
The rate limit value must be less than the attack threshold value. When the
DHCPv6 packet rate on a port exceeds the rate limit, the DHCPv6 packets are
dropped. When the DHCPv6 packet rate on a port exceeds the attack threshold,
a message is displayed on the CLI and TRAP packets are sent.
The following message is displayed when a DHCPv6 DoS attack is detected
on a port:
%NFPP_DHCPV6_GUARD-4-PORT_ATTACKED: DHCPV6 DoS attack was detected on port Gi4/1. (2009-07-01 13:00:00)
The TRAP packet that is sent carries the following additional information:
DHCPV6 DoS attack was detected on port Gi4/1.
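For log monitoring, the PORT_ATTACKED message above can be parsed and grouped per port. This is an added example, not part of the Ruijie guide: the syslog header before the `%` tag, the function names and the repeat rule (3 alerts within 10 minutes) are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Message format taken from the guide; any syslog header before '%' is ignored.
PORT_ATTACKED = re.compile(
    r"%NFPP_DHCPV6_GUARD-4-PORT_ATTACKED: DHCPV6 DoS attack was detected "
    r"on port (?P<port>\S+?)\. \((?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\)"
)

# Constructed sample input (assumed header format); first entry is wrapped as in the guide.
SAMPLE = """\
Jul  1 13:00:01 sw1 %NFPP_DHCPV6_GUARD-4-PORT_ATTACKED: DHCPV6 DoS attack was
detected on port Gi4/1. (2009-07-01 13:00:00)
Jul  1 13:02:11 sw1 unrelated message that must be ignored
Jul  1 13:03:31 sw1 %NFPP_DHCPV6_GUARD-4-PORT_ATTACKED: DHCPV6 DoS attack was detected on port Gi4/1. (2009-07-01 13:03:30)
Jul  1 13:04:00 sw1 %NFPP_DHCPV6_GUARD-4-PORT_ATTACKED: DHCPV6 DoS attack was detected on port Gi4/2. (2009-07-01 13:04:00)
Jul  1 13:08:16 sw1 %NFPP_DHCPV6_GUARD-4-PORT_ATTACKED: DHCPV6 DoS attack was detected on port Gi4/1. (2009-07-01 13:08:15)
Jul  1 13:09:00 sw1 %NFPP_DHCPV6_GUARD-4-PORT_ATTACKED: DHCPV6 DoS attack was detected on port Gi4/3. (2009-13-01 13:09:00)
"""

def parse_alerts(text):
    """Return [(port, datetime)] for each PORT_ATTACKED message in text."""
    alerts = []
    # Collapse whitespace first so a message wrapped across lines still matches.
    for m in PORT_ATTACKED.finditer(re.sub(r"\s+", " ", text)):
        try:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue  # impossible date (e.g. month 13): skip the record
        alerts.append((m.group("port"), ts))
    return alerts

def repeated_ports(alerts, min_count=3, window=timedelta(minutes=10)):
    """Map port -> total alerts, for ports with min_count alerts inside window."""
    by_port = defaultdict(list)
    for port, ts in alerts:
        by_port[port].append(ts)
    flagged = {}
    for port, times in by_port.items():
        times.sort()
        for i in range(len(times) - min_count + 1):
            if times[i + min_count - 1] - times[i] <= window:
                flagged[port] = len(times)
                break
    return flagged
```
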
This section shows the administrator how to configure port-based rate limiting
and attack detection in the NFPP configuration mode and in the interface
configuration mode:
Ruijie# configure terminal
  Enter the global configuration mode.

  Enter the nfpp configuration mode.

Ruijie(config)# dhcpv6-guard rate-limit per-port pps
  Configure the dhcpv6-guard rate limit of the DHCPV6 packets on the port, ranging from 1 to 9999, 150 by default.

Ruijie(config)# dhcpv6-guard attack-threshold per-port pps
  Configure the dhcpv6-guard attack threshold, ranging from 1 to 9999, 300 by default. When the number of DHCPV6 packets on a port exceeds the attack threshold, the CLI prompts and the TRAP packets are sent.

  Return to the privileged EXEC mode.
Ruijie# configure terminal
  Enter the global configuration mode.

Ruijie(config)# interface interface-name
  Enter the interface configuration mode.