SNR S2940-8G-v2 Switch Configuration Guide
The Number Limitation Function of MAC and IP in Port, VLAN Configuration
show nd-dynamic count { vlan <vlan-id> | interface ethernet <portName> }
Display the number of dynamic NEIGHBOUR in corresponding ports and VLAN.
debug switchport mac count
no debug switchport mac count
All kinds of debug information when limiting the number of MAC on ports.
debug switchport arp count
no debug switchport arp count
All kinds of debug information when limiting the number of ARP on ports.
debug switchport nd count
no debug switchport nd count
All kinds of debug information when limiting the number of NEIGHBOUR on ports.
debug vlan mac count
no debug vlan mac count
All kinds of debug information when limiting the number of MAC in VLAN.
debug ip arp count
no debug ip arp count
All kinds of debug information when limiting the number of ARP in VLAN.
debug ipv6 nd count
no debug ipv6 nd count
All kinds of debug information when limiting the number of MAC in VLAN.
46.3 The Number Limitation Function of MAC and IP in Port, VLAN Typical Examples
Figure 46.1: The Number Limitation of MAC and IP in Port, VLAN Typical Configuration Example
In the network topology above, SWITCH B connects to many PC users. Before the number
limitation function of MAC and IP in Port, VLAN is enabled, and if the system hardware imposes
no other limit, SWITCH A and SWITCH B learn the MAC, ARP and ND list entries of all the PCs.
When malicious users frequently perform MAC or ARP spoofing, they can easily fill the MAC and
ARP list entries of the switch, causing a successful DoS attack. Limiting the number of MAC,
ARP and ND list entries can therefore prevent such DoS attacks to a certain extent.
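The effect described above can be seen in a small model of a dynamic learning table. This is an added example, not part of the SNR guide and not the switch's implementation; the table capacity (1024), the per-port limit (32), the port numbers and all MAC addresses are constructed values.

```python
"""Toy model of dynamic MAC learning with and without a per-port entry limit."""


class LearningTable:
    def __init__(self, capacity, port_limit=None):
        self.capacity = capacity      # total table size (constructed value)
        self.port_limit = port_limit  # max dynamic entries per port, None = no limit
        self.entries = {}             # mac -> port
        self.per_port = {}            # port -> number of dynamic entries learned
        self.refused = {}             # port -> learn attempts that were refused

    def learn(self, mac, port):
        """Try to learn mac on port; return True if the entry is in the table."""
        if mac in self.entries:       # already known (station moves are ignored here)
            return True
        port_full = (self.port_limit is not None
                     and self.per_port.get(port, 0) >= self.port_limit)
        if port_full or len(self.entries) >= self.capacity:
            self.refused[port] = self.refused.get(port, 0) + 1
            return False
        self.entries[mac] = port
        self.per_port[port] = self.per_port.get(port, 0) + 1
        return True


def simulate(port_limit):
    """Return (legitimate PCs learned, entries held by port 1, refusals on port 1)."""
    table = LearningTable(capacity=1024, port_limit=port_limit)
    # Port 1: a single host presenting 5000 different source MACs (constructed data).
    for i in range(5000):
        table.learn(f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}", port=1)
    # Ports 2..21: twenty legitimate PCs that come online afterwards.
    legit = sum(table.learn(f"00:11:22:33:44:{p:02x}", port=p) for p in range(2, 22))
    return legit, table.per_port.get(1, 0), table.refused.get(1, 0)


if __name__ == "__main__":
    for limit in (None, 32):
        legit, held, refused = simulate(limit)
        print(f"port limit={limit}: legitimate PCs learned={legit}/20, "
              f"port 1 entries={held}, port 1 refusals={refused}")
```

Without a limit, port 1 consumes the whole table and none of the later PCs can be learned; with the per-port limit, port 1 is capped and the refusal counter on that port is the signal worth watching.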