Filter
Top Products
DES-7200 Configuration Guide Chapter 12 NFPP Configuration
12-11
It prompts the following message when the ARP scan was detected:
%NFPP_ARP_GUARD-4-SCAN: Host<IP=1.1.1.1,MAC=0000.0000.0004,port=Gi4/1,VL
AN=1> was detected. (2009-07-01 13:00:00)
The following example shows the describing information included in the sent TRAP messages:
ARP scan from host< IP=1.1.1.1,MAC=0000.0000.0004,port=Gi4/1,VLAN=1> was
detected.
It saves the latest 256 pieces of records in the ARP scan table. When the ARP scan table is full,
it prompts:
%NFPP_ARP_GUARD-4-SCAN_TABLE_FULL: ARP scan table is full.
It prompts the following message to remind the administrator that the configured rate-limit
threshold is higher than the attack threshold:
%ERROR:rate limit is higher than attack threshold 500pps.”
It prompts the following message to remind the administrator that the configured attack
threshold is smaller than the rate-limit threshold:
%ERROR:attack threshold is smaller than rate limit 300pps.”
Caution
It sets a policy to the hardware when isolating the attackers. When the
hardware resources have been exhausted, it prompts the message to
inform the administrator.
When it fails to allocate the memory to the detected attackers, it prompts
the message like “
%NFPP_ARP_GUARD-4-NO_MEMORY: Failed to alloc
memory.
”to inform the administrator.
It contains only the latest 256 pieces of the records in the ARP scan
table. When the ARP scan table is full, the newest record will overwrite
the oldest one.
This section shows the administrator how to configure the host-based rate-limit and attack
detection in the nfpp configuration mode and in the interface configuration mode:
Command Function
DES-7200# configure terminal
Enter the global configuration mode.