D-Link DES-7200 Refrigerator User Manual


  Open as PDF
of 1968
 
DES-7200 Configuration Guide Chapter 12 NFPP Configuration
12-23
Command Function
DES-7200(config-nfpp)# ip-guard
monitored-host-limit seconds
Configure the monitored host limit, ranging
1-4294967295. The default value is1000.
DES-7200(config-nfpp)# end
Return to the privileged EXEC mode.
DES-7200# show nfpp ip-guard summary
Show the parameter settings.
DES-7200# copy running-config
startup-config
Save the configurations.
To restore the monitored host limit to the default value, use the no ip-guard
monitored-host-limit command in the nfpp configuration mode.
If the monitored host number has reached the default 1000, and the administrator sets the
monitored host limit smaller than 1000, the existent moniored hosts will not be deleted and it
will prompt the message “
%ERROR The value that you configured is smaller than current
monitored hosts 1000please clear a part of monitored hosts.”
to notify the administrator of
the invalid configuration and removing a part of the monitored hosts.
Caution
It prompts the message that
“% NFPP_IP_GUARD-4-SESSION_LIMIT: Attempt to
exceed limit of 1000 monitored hosts.”
if the monitored host table is full.
12.4.6 Host-based
rate-limit and
attack detection
Use the source IP address/VID/port-based method to detect the host-based attack. For each
attack detection, you can configure the rate-limit threshold and attack threshold (also called
warning threshold). The IP packet will be dropped when the packet rate exceeds the rate-limit
threshold. When the IP packet rate exceeds the warning threshold, it will prompt the warning
messages and send the TRAP message.
It prompts the following message if the IP DoS attack was detected:
%NFPP_IP_GUARD-4- DOS_DETECTED:Host<IP=1.1.1.1,MAC= N/A,port=Gi4/1,VLAN=1>
was detected. (2009-07-01 13:00:00)
The following example shows the describing information included in the sent TRAP messages:
IP DoS attack from host<IP=1.1.1.1,MAC= N/A,,port=Gi4/1,VLAN=1> was detec
ted.
If the isolated time is not set as 0 by the administrator, when the hardware isolation succeeds,