Chapter 106 CPU Protection and DDoS
OLT2406 User’s Guide
106.3 DDoS Setup
The show dos status command displays the current DDoS configuration status:

OLT2406# show dos status
Item Name                                            Status
---- ----------------------------------------------- -------
1    Source IP equal Destination IP                  enable
2    MAC Source Addr equal MAC Destination Addr      enable
3    MAC Source Addr are zero                        enable
4    TCP flags : SYN = 1 & ACK = 0 & SRC_Port < 1024 disable
5    TCP flags : All TCP flags = 0                   disable
6    V4 first fragment check                         disable
7    TCP flags : FIN = 1 & URG = 1 & PSH = 1         disable
8    TCP flags : SYN = 1 & FIN = 1                   disable
9    TCP Source Port equal Destination Port          disable
10   UDP Source Port equal Destination Port          disable
11   TCP packets with not full TCP header            disable
12   TCP Header offset equals to 1 are dropped       disable
13   Enable ICMP size check                          disable
14   Fragmented ICMP packets check                   disable

You can use the dos enable <item_number|all> command to enable a specific item or all items, and the no dos enable <item_number|all> command to disable them.
106.4 CPU Protection and DDoS Commands
This table describes the CPU protection and DDoS commands.
Table 379 CPU protection and DDoS Commands
COMMAND                                            DESCRIPTION                                         M  P
-------------------------------------------------  --------------------------------------------------  -  --
show cpu-protection interface port-channel <aid>   Displays the interface’s CPU protection settings.   E  3
                                                   aid: slot-<slot> | <ge|msc|pon>-<slot>-<port>
clear cpu-protection interface port-channel <aid>  Clears the interface’s CPU protection counter.      E  3
                                                   aid: slot-<slot> | <ge|msc|pon>-<slot>-<port>
CPU-limit ARP                                      Enables the CPU to limit broadcast ARP packets.     C  13
CPU-limit ARP inactive                             Disables CPU limiting of broadcast ARP packets.     C  13
CPU-limit ARP rate <64 to 1,000,000 kbps>          Sets the limit of the ARP packet rate.              C  13
                                                   64 to 1,000,000 kbps, default: 64
interface port-channel                             Displays the CPU protection help.                   C  13