Filter
Top Products
DES-7200 Configuration Guide Chapter 12 NFPP Configuration
12-24
it prompts:
%NFPP_IP_GUARD-4-ISOLATED:Host <IP=1.1.1.1, MAC= N/A,port=Gi4/1,VLAN=1>
was isolated. (2009-07-01 13:00:00)
The following example shows the describing information included in the sent TRAP messages:
Host<IP=1.1.1.1, MAC= N/A,port=Gi4/1,VLAN=1> was isolated.
When it fails to isolate the hardware due to a lack of memory or hardware resources, it
prompts:
%NFPP_IP_GUARD-4-ISOLATE_FAILED: Failed to isolate host <IP=1.1.1.1, MAC=
N/A,port=Gi4/1,VLAN=1>. (2009-07-01 13:00:00)
The following example shows the describing information included in the sent TRAP messages:
Failed to isolate host<IP=1.1.1.1, MAC= N/A,port=Gi4/1,VLAN=1>.
It prompts the following message when the IP scan was detected:
%NFPP_IP_GUARD-4-SCAN: Host<IP=1.1.1.1, MAC= N/A,port=Gi4/1,VLAN=1> was
detected. (2009-07-01 13:00:00)
The following example shows the describing information included in the sent TRAP messages:
IP scan from host< IP=1.1.1.1, MAC= N/A,port=Gi4/1,VLAN=1> was detected.
Caution
It sets a policy to the hardware when isolating the attackers. When the
hardware resources have been exhausted, it prompts the message to
inform the administrator.
When it fails to allocate the memory to the detected attackers, it prompts
the message like “
%NFPP_IP_GUARD-4-NO_MEMORY: Failed to alloc
memory.
”to inform the administrator.
This section shows the administrator how to configure the host-based rate-limit and attack
detection in the nfpp configuration mode and in the interface configuration mode:
Command Function
DES-7200# configure terminal
Enter the global configuration mode.
DES-7200(config)# nfpp
Enter the nfpp configuration mode.
DES-7200(config-nfpp)# ip-guard rate-limit
per-src-ip pps
Configure the ip-guard rate-limit, ranging from 1 to
9999, 20 by default.
per-src-ip: detect the hosts based on the source IP
address/VID/port;