EasyManua.ls Logo

Zte ZXA10 C300 - Configuring Control Panel Safety

Zte ZXA10 C300
301 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
ZXA10C300CongurationManual(CLI)
ZXAN(config)#linetelnetaccess-class10
EndofSteps
15.5ConguringControlPanelSafety
Afteryoucongurecontrolpanelsafety,theZXA10C300canlimittheprotocolpacketrate
andpreventDoSpacketattacks.
Context
Controlpanelsafetyincludesthefollowingthreefunctions:
lRatelimitofprotocolpackets
Differentratelimitsaresetforpacketsofdifferentprotocols.
lRatelimitofCPUqueuepackets
Packetratelimitsforeightqueuesoftheexchangechipcanbesetseparately.When
thepacketrateofacertainqueueistoohigh,acorrespondingratelimitcanbesetto
reducetheimpactontheCPU.
lBlacklist
WhenthenumberofpacketssenttotheCPUbyauserinonepollingperiod(5sby
default)exceedsthethreshold,theZXA10C300considersthattheuserimplements
aDoSattackontheNEandincludestheuserintotheblacklist.Thenpacketssent
bytheuserwillbedroppedtilltheuserstopstheattack.
Steps
1.Entercontrolpanelmode,andcongurepacketlimit.
ZXAN(config)#control-panel
ZXAN(control-panel)#packet-limitdhcp20
ZXAN(control-panel)#packet-limitarp50
2.ConguretheratelimitofCPUqueuepackets.
ZXAN(control-panel)#cpuqueue125
3.Enableanti-DoS.
ZXAN(control-panel)#anti-dosenable
4.Enabletheanti-DoSdropfunction.
ZXAN(control-panel)#anti-dosdropenable
5.Congurethethresholdoftheblacklist.
ZXAN(control-panel)#anti-doslimit-number20
6.Congurethepollingtimeoftheblacklist.
ZXAN(control-panel)#anti-dosblocking-time10
7.(Optional)Querytheblacklist.
15-6
SJ-20130520164529-007|2013-06-30(R1.0)ZTEProprietaryandCondential

Table of Contents

Other manuals for Zte ZXA10 C300

Preview: Maintenance Manual
Maintenance Manual75 pages
Preview: Installation Guide
Installation Guide108 pages