DES-7200 Configuration Guide Chapter 12 NFPP Configuration
Command: DES-7200(config)# cpu-protect sub-interface {manage|protocol|route} percent percent_value
Function: Configure the packet percent. percent_value: an integer ranging from 1 to 100.
For example:
DES-7200(config)# cpu-protect sub-interface manage percent 60
DES-7200(config)# end
Caution
The valid percent value for one packet type must be less than 100% minus the percent values of the other two packet types.
12.2.4 Anti-attack Protocols
ARP-guard
IP-guard
ICMP-guard
DHCP-guard
DHCPv6-guard
ND-guard
NFPP syslog
12.3 ARP-guard
12.3.1 ARP-guard Overview
In a local area network (LAN), the ARP protocol translates IP addresses into MAC addresses, and it plays an important role in network security. An ARP DoS attack sends a large number of illegal ARP packets to the gateway, preventing the gateway from providing services. To deal with this attack, you can configure a rate limit for ARP packets, and you can also detect and isolate the attack source.
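The following is an added example, not code from the DES-7200 guide or its firmware, of per-second ARP counting keyed the three ways this overview names: source IP address/VID/port, source MAC address/VID/port, and port. The packet records, port names, threshold values and the `detect` helper are constructed for illustration, and it assumes the warning threshold is set at or above the rate-limit threshold; it only reports which keys cross which threshold.

```python
from collections import Counter

# Constructed ARP records for one second: (second, src_ip, src_mac, vid, port).
SAMPLE = (
    [(0, "192.0.2.10", "00:00:5e:00:53:01", 10, "Gi0/1")] * 3      # normal host
    + [(0, "192.0.2.66", "00:00:5e:00:53:66", 10, "Gi0/2")] * 12   # one noisy host
    # one MAC cycling through seven source IPs
    + [(0, f"192.0.2.{100 + i}", "00:00:5e:00:53:99", 10, "Gi0/3") for i in range(7)]
)

# Constructed thresholds in packets per second: (rate_limit, warning).
# Assumption: warning >= rate_limit for every detection type.
THRESHOLDS = {
    "src-ip": (4, 8),     # host-based: source IP address/VID/port
    "src-mac": (4, 8),    # host-based: source MAC address/VID/port
    "port": (10, 20),     # port-based
}


def keys_for(pkt):
    """Return the counting key of one ARP record for each detection type."""
    _, ip, mac, vid, port = pkt
    return {
        "src-ip": (ip, vid, port),
        "src-mac": (mac, vid, port),
        "port": (port,),
    }


def detect(packets, thresholds=THRESHOLDS):
    """Count ARP packets per second and key; report keys over a threshold."""
    counts = Counter()
    for pkt in packets:
        for kind, key in keys_for(pkt).items():
            counts[(pkt[0], kind, key)] += 1

    findings = {}
    for (second, kind, key), n in counts.items():
        rate_limit, warning = thresholds[kind]
        if n > warning:
            findings[(second, kind, key)] = (n, "over-warning")
        elif n > rate_limit:
            findings[(second, kind, key)] = (n, "over-rate-limit")
    return findings


if __name__ == "__main__":
    for (second, kind, key), (n, level) in sorted(detect(SAMPLE).items()):
        print(f"t={second}s {kind:7} {key} rate={n} pps -> {level}")
```

In the sample, the source on Gi0/3 stays under the source-IP thresholds because each spoofed address sends one packet, and it is caught only by the source MAC address/VID/port key.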
ARP attack detection can be host-based or port-based. Host-based ARP attack detection is further classified into two types: source IP address/VID/port-based and source MAC address/VID/port-based. For each type of attack detection, you can configure the rate-limit threshold and the warning threshold. The ARP packet will be