Chapter5ServiceConguration
5.35PPConguration
PPOverview
ProtocolProtect(PP)maintainsandmonitorstherateofpacketsforwardedtotheCPU,
thuspreventingvirusesorspitefulattackstotheswitch.Inthisway,theswitchprovides
self-protectionabilityandensuresnetworksecurity.
PPtakesthefollowingmeasures:limitingtheratesofrelatedservices,lteringunsuitable
packets,sendingalarmswhentherearepacketssentatanabnormalrate,andreminding
NMSthattheremaybepacketsattackingtheCPU.
Toenhanceexibilityandcompatibilityoftheswitch,PPprovidesthefunctionofconguring
priorityusersfortheprotocolpacketssentbytheswitch.
ConguringPP
ThePPcongurationincludesthefollowingcommands:
CommandFunction
zte(cfg)#createprotocol-protectmac-droprule
<1-128>src-mac<HH.HH.HH.HH.HH.HH>mask
<HH.HH.HH.HH.HH.HH>
Createsamacdroprule.
zte(cfg)#setprotocol-protectalarmport<portlist>{enable|
disable}
EnablesordisablesthePPalarm
functiononaport.
zte(cfg)#setprotocol-protectalarmport<portlist>{protocol-na
me}<0-18000>
SetsPP30second-protocolalarm
threshold.
zte(cfg)#setprotocol-protectlimit{group-name}<0-800>Setstheratelimitofsending
packetstotheCPU.
zte(cfg)#setprotocol-protectpriority{protocol-name|all}{<0-7
>|default}
SetsPPprotocolpriority.
zte(cfg)#setprotocol-protectmac-drop{disable|enable}Enablesthemacdropfunction.
zte(cfg)#setprotocol-protectmac-droprule<1-128>bindport
<portlist>
Bindsthemacdroprulewiththe
port.
zte(cfg)#clearprotocol-protectmac-dropcounter[port
<portlist>]
Clearsthenumberofmessages
droppedbythemacdropfunction.
zte(cfg)#clearprotocol-protectmac-dropport<portlist>[rule
<1-128>]
Clearsthemacdroprulesfor
speciedorallports.
zte(cfg)#clearprotocol-protectmac-droprule[<1-128>]Clearsspeciedmacdroprules.
showprotocol-protectstatistic[port<portlist>](allconguration
modes)
Displaysstatisticsinformationof
protocolpacketalarmsonaPP
port.
showprotocol-protectlimit(allcongurationmodes)DisplaysPPratelimitinformation.
5-133
SJ-20130731155059-002|2013-11-27(R1.0)ZTEProprietaryandCondential
To Next Page
Loading...
