Port-based rate-limit and attack detection
You can configure the ND-guard rate-limit and attack threshold on a port. The
rate-limit value must be less than the attack threshold value. When the ND
packet rate on a port exceeds the rate-limit, the ND packets are dropped. When
the ND packet rate on a port exceeds the attack threshold, a prompt is displayed
on the CLI and TRAP packets are sent.
ND Snooping classifies ports as untrusted ports, which connect to hosts, and
trusted ports, which connect to the gateway. The rate-limit threshold for a
trusted port should be higher than the one for an untrusted port, because a
trusted port generally carries more traffic than an untrusted port.
When ND Snooping is enabled, it notifies ND-guard to set the rate-limit
threshold and the attack threshold for ND packets on the trusted port to
800 pps and 900 pps respectively.
If the rate-limit threshold is configured both by ND Snooping and by the
administrator, the threshold value configured later overwrites the one
configured earlier.
When the administrator saves the settings, the rate-limit threshold configured by
ND Snooping is saved into the configuration file.
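
The following Python model is an added example, not code or CLI syntax from the device documentation. It replays constructed per-second ND packet counts against the two thresholds to show the three bands (forwarded, dropped without alert, dropped with alert) and the override rule. The class and function names are hypothetical, and it assumes both thresholds are compared against the arrival rate and that only packets above the rate-limit are dropped.

```python
from dataclasses import dataclass

# Thresholds the page says ND Snooping applies to a trusted port (pps).
SNOOPING_TRUSTED = (800, 900)


@dataclass
class NdGuardPort:
    """Toy model of one port's ND-guard state (names are hypothetical)."""
    rate_limit: int
    attack_threshold: int
    set_by: str = "nd-snooping"

    def __post_init__(self):
        self._check(self.rate_limit, self.attack_threshold)

    @staticmethod
    def _check(rate_limit, attack_threshold):
        # The page requires rate-limit < attack threshold.
        if rate_limit >= attack_threshold:
            raise ValueError("rate-limit must be less than the attack threshold")

    def configure(self, rate_limit, attack_threshold, set_by):
        # The value configured later overwrites the one configured earlier.
        self._check(rate_limit, attack_threshold)
        self.rate_limit, self.attack_threshold = rate_limit, attack_threshold
        self.set_by = set_by

    def handle_second(self, offered):
        """Classify one second of ND traffic arriving at `offered` pps.

        Assumption: both thresholds are compared against the arrival rate,
        and only the packets above the rate-limit are dropped.
        """
        forwarded = min(offered, self.rate_limit)
        dropped = offered - forwarded
        alert = offered > self.attack_threshold  # CLI prompt + TRAP
        return forwarded, dropped, alert


def replay(port, samples):
    """Run constructed per-second packet counts through the model."""
    return [port.handle_second(pps) for pps in samples]


if __name__ == "__main__":
    trusted = NdGuardPort(*SNOOPING_TRUSTED)
    # Constructed samples: normal, over the limit, over the attack threshold.
    for pps, result in zip((500, 850, 1200), replay(trusted, (500, 850, 1200))):
        print(pps, result)
    trusted.configure(1000, 1500, set_by="administrator")
    print(trusted.handle_second(1200))
```

In this model, a rate between the two thresholds is dropped without any alert, so monitoring that relies only on the trap would miss it.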