ZXR105900/5200SeriesUserManual(BasicCongurationVolume)
ControlPlaneSecurity
Configuration
ControlPlaneSecurityOverview
InternetandIPtechnologywildspreadapplicationbringthegreat
changetotheworld.WithIPnetworkbeingdevelopedwidelyand
deeply,networkattackandvirusarebecomingmoreandmore
frequent,whichbringspeoplemuchvisibleandinvisibleloss.The
previousnetworkattackandvirusmostlytakePCorserverhost
asmajorattackobjects.Butnowterminalenduseranti-virus
capabilityandvirusmakercapabilityincreasesdaybyday,the
networkdevicessuchasrouterandswitchbecometheobjectthat
virusattacks.
Accordingtoknownorpredictableattackandvirusontheswitch,
wecantakemanykindsofmeasurestomakeswitchhaveself-pro-
tectionandsafeguardingnetworksecuritycapability.Themain
functionofcontrolplanesecurityistomonitorthepacketupload-
ingrate,generatealarmonabnormalrateuploadingpacketand
remindnetworkmanagertopayattentiontopossiblepacketattack
toCPU.Sothatnetworkmanagercandecideifdiscardthispacket
ontheinterfaceorlimitspeedandlterunreasonablepacket.
CommandConfiguration
1.Toenable/disablecontrol-plane-securityfunction,usethefol-
lowingcommand.
CommandFunction
ZXR10(config)#control-plane-security{enable|
disable}
Thiscommandiscontrol-plane-
securityfunctionglobalswitch.
Itisusedtoopenorclose
control-plane-securityfunction,
thedefaultisenabled.
2.Todiscardorpassprotocolpacket,usethefollowingcommand.
CommandFunction
ZXR10(config-gei_1/x)#protocol-protectmode
<protocolname>{enable|disable}
Thispasses/discardsprotocol
packet.
Thiscommandisconguredintheinterfacemode.Congura-
tiondecidesifacertainprotocolpacketwillbediscardedina
physicalport.AsfortheportwhoseportcongurationisNNI,
allconguredprotocolpacketsareenabledindefault.Butas
fortheportwhoseportcongurationisUNI,thedefaultvalue
174CondentialandProprietaryInformationofZTECORPORATION
To Next Page
Loading...
