DES-7200 Configuration Guide Chapter 12 NFPP Configuration
12-20
Caution
It is worth mentioning that the IP-guard is for the attack of the IP
packets with the destination IP address not the host IP address.
For the IP packet with the destination IP address the host IP
address, use the CPP(CPU Protect Policy) to limit the rate.
The IP-guard is supported in the layer-3 switches only.
With the ip-guard enabled on the interface and the non-0 isolated period configured, it isolates
the hosts attacked by the IP packets.
IP-guard configuration commands include:
Enabling ip-guard
Configuring the isolated time
Configuring the monitored time
Configuring the monitored host limit
Host-based rate-limit and attack detection
Port-based rate-limit and attack detection
Configuring trusted host
Showing related ip-guard information
12.4.2 Enabling
IP-guard
You can enable ip-guard in the nfpp configuration mode or in the interface configuration mode.
By default, the ip-guard is enabled.
Command Function
DES-7200# configure terminal
Enter the global configuration mode.
DES-7200(config)# nfpp
Enter the nfpp configuration mode.
DES-7200(config-nfpp)# ip-guard enable
Enable the ip-guard. By default, ip-guard
is enabled.
DES-7200(config-nfpp)# end
Return to the privileged EXEC mode.
DES-7200# configure terminal
Enter the global configuration mode.
DES-7200# interface interface-name
Enter the interface configuration mode.
DES-7200(config-if)# nfpp ip-guard enable
Enable the ip-guard on the interface. By
default, ip-guard is not enabled on the
interface.
DES-7200(config-if)# end
Return to the privileged EXEC mode.