DES-7200 Configuration Guide Chapter 12 NFPP Configuration
12-9
Caution
If the isolated time is 0, the serviceview monitor will be performed to monitor
the detected attacker, and the timeout time will be the monitored period. In the
process of the serviceview monitor, if the isolated time is but not 0, the
hardware isolation will be performed to isolate the attacker, and the timeout
time will be the isolated period. Only be the monitored period valid when the
isolated period is 0.
Modifying the isolated time from non-0 to 0 removes the attackers from the
interface rather than performs the serviceview monitor.
12.3.5 Configuring the
monitored host
limit
Command Function
DES-7200# configure terminal
Enter the global configuration mode.
DES-7200(config)# nfpp
Enter the nfpp configuration mode.
DES-7200(config-nfpp)# arp-guard
monitored-host-limit seconds
Configure the monitored host limit, ranging
1-4294967295. The default value is1000.
DES-7200(config-nfpp)# end
Return to the privileged EXEC mode.
DES-7200# show nfpp arp-guard
summary
Show the arp-guard parameter settings.
DES-7200# copy running-config
startup-config
Save the configurations.
To restore the monitored host limit to the default value, use the no arp-guard monitored-host-limit
command in the nfpp configuration mode.
If the monitored host number has reached the default 1000, and the administrator sets the monitored
host limit smaller than 1000, the existent moniored hosts will not be deleted and it will prompt the
message “
%ERROR: The value that you configured is smaller than current monitored hosts 1000,
please clear a part of monitored hosts.”
to notify the administrator of the invalid configuration and
removing a part of the monitored hosts.
Caution
It prompts the message that
“% NFPP_ARP_GUARD-4-SESSION_LIMIT: Attempt to
exceed limit of 1000 monitored hosts.”
if the monitored host table is full.