Command Reference NFPP Commands
nfpp nd-guard policy
Use this command to set the rate-limit threshold and the attack threshold.
nfpp nd-guard policy per-port
{ ns-na | rs | ra-redirect } rate-limit-pps attack-threshold-pps
Parameter
Description
Parameter Description
ns-na
Set the neighbor request and neighbor advertisement.
rs
Set the router request.
ra-redirect
Set the router advertisement and the redirect packets.
rate-limit-pps
Set the rate-limit threshold with the valid range of [1, 9999].
Defaults
By default, the rate-limit threshold and the attack threshold are not configured.
Command
Mode
Interface configuration mode.
Usage Guide
The attack threshold value shall be equal to or greater than the rate-limit threshold.
For ND snooping, the port is classified into untrusted port and trusted port. The untrusted port
connects to the host and the trusted port connects to the gateway. The rate-limt threshold for the
trusted port shall higher than the one for the untrusted port because the traffic of the trusted port
generally is higher than the traffic of the untrusted port. For the trusted port with ND snooping
enabled, ND snooping advertises ND guard to set the rate-limit threshold and attack threshold for the
three categories of packets as 800pps and 900pps respectively.
Configuration
Examples
Ruijie(config)# interface G 0/1
Ruijie(config-if)# nfpp nd-guard policy per-port ns-na 50 100
Ruijie(config-if)# nfpp nd-guard policy per-port rs 10 20
Ruijie(config-if)# nfpp nd-guard policy per-port ra-redirect 10 20
Related
Commands
Command Description
nd-guard attack-threshold
Set the global attack threshold.
nd-guard rate-limit
Set the global rate-limit threshold.
show nfpp nd-guard summary
Show the configurations.
Platform
Description
N/A
show nfpp arp-guard hosts
Use this command to show the monitored host.
show nfpp arp-guard hosts [ statistics | [ [ vlan vid ] [ interface interface-id ] [ ip-address |
To Next Page
Loading...
Need help?
General
