Chapter17SecurityConguration
isdifferentaccordingtodifferentprotocolpackets,whichcan
beviewedbyshowcommand.
3.Tocongureprotocolpacketalarmthreshold,usethefollowing
command.
CommandFunction
ZXR10(config-gei_1/x)#protocol-protectalarmmode
<protocolname><alarm-limit>
Thisconguresacertain
protocolpacketalarmthreshold
as30s.
Thealarm-limitrangeis
1000-18000.
Thiscommandisalsoconguredintheinterfacemode.Itis
usedtomodifyacertainprotocolpacketalarmthresholdin
acertainphysicalport.Whenthenumberofspecicprotocol
packetexceedsthisthresholdin30s,analarmmessageissent
touser .Thedefaultvalueis3000.
4.Tocongureprotocolpacketpassingpeak/averagespeed,use
thefollowingcommand.
CommandFunction
ZXR10(config-gei_1/x)#protocol-protect{peak-rate|
average-rate}mode<protocolname><rate-limit>
Thisconguresprotocolpacket
passingpeak/averagespeed.
Thiscommandisusedtocongurepeakspeedoraverage
speedofcorrespondingprotocolpacketoncorrespondingport.
Theunitispps,peakspeedcanbecongured100~1000and
thedefaultvalueis300,averagespeedcanbeset10~600and
thedefaultis100.
5.Tocongureporttype,usethefollowingcommand.
CommandFunction
ZXR10(config-gei_1/x)#protocol-protecttype{nni|uni}
Thisconguresthetypeofa
certainportisuniornni.
Thiscommandisusedtocongureacertainporttypewhichis
uniornni.Thedefaultisnni.
Theabovecommandssupportingprotocolincludes:
pimigmpicmparpreplyarprequestudld,groupmngvbaselldp,
dhcplacpbpdusnmp,nansrars.
Whenprotocolpacketiscongureddiscard,evenifuploadedto
MUXmodule,itwillbediscardedbythismodule,whichleadsto
failtouploadtoplatform.Whencontrol-plane-securitymod-
ulendthatthespeedofacertainprotocolpacketuploading
toplatformistoofast,itwillsendalarmtoreminduserthat
maybethereisacertainprotocolpackettoattackCPU.When
seeingthisalarm,usercancongureprotocolpacketdiscard
orlimitspeedtopreventattackfromCPU.
CondentialandProprietaryInformationofZTECORPORATION175
To Next Page
Loading...
