DES-7200 Configuration Guide Chapter 12 NFPP Configuration
12-35
Command                                         Function
DES-7200# copy running-config startup-config    Save the configurations.
To restore the monitored host limit to the default value, use the no icmp-guard monitored-host-limit command in nfpp configuration mode.
If the number of monitored hosts has already reached the default of 1000 and the administrator sets the monitored host limit to a value smaller than 1000, the existing monitored hosts are not deleted, and the following message is displayed to tell the administrator that the configuration is invalid and that some of the monitored hosts must be cleared first:
"%ERROR: The value that you configured is smaller than current monitored hosts 1000,please clear a part of monitored hosts."
Caution
When the monitored host table is full, the following message is displayed:
"% NFPP_ICMP_GUARD-4-SESSION_LIMIT: Attempt to exceed limit of 1000 monitored hosts."
12.5.6 Host-based rate-limit and attack detection
Host-based attack detection identifies each host by its source IP address, VLAN ID and port. For each kind of attack detection you can configure a rate-limit threshold and an attack threshold (also called the warning threshold). ICMP packets are dropped when the packet rate exceeds the rate-limit threshold. When the ICMP packet rate exceeds the warning threshold, a warning message is printed and a TRAP message is sent.
The following message is displayed when an ICMP DoS attack is detected:
%NFPP_ICMP_GUARD-4-DOS_DETECTED:Host<IP=1.1.1.1,MAC= N/A,port=Gi4/1,VLAN=1> was detected. (2009-07-01 13:00:00)
The following example shows the description carried in the TRAP message that is sent:
ICMP DoS attack from host<IP=1.1.1.1,MAC= N/A,,port=Gi4/1,VLAN=1> was detected.
If the administrator has not set the isolation time to 0, the following message is displayed when hardware isolation succeeds:
%NFPP_ICMP_GUARD-4-ISOLATED:Host <IP=1.1.1.1, MAC= N/A,port=Gi4/1,VLAN=1> was isolated. (2009-07-01 13:00:00)
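The three syslog messages above (DOS_DETECTED, ISOLATED and the SESSION_LIMIT caution) are what a monitoring system sees from the switch; the parser below turns them into structured events and counts detections and isolations per (IP, VLAN, port) host. This is an added example, not code from the DES-7200 guide or its vendor, and the sample log lines are constructed from the message formats printed in this section.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Syslog forms shown in this chapter. Whitespace differs between DOS_DETECTED ("Host<IP=..,MAC= N/A")
# and ISOLATED ("Host <IP=.., MAC= N/A"), so optional spaces are allowed after "Host", "MAC=" and commas.
HOST_EVENT = re.compile(
    r"^%\s*NFPP_ICMP_GUARD-\d-(?P<event>DOS_DETECTED|ISOLATED):\s*Host\s*<IP=(?P<ip>[^,]+),"
    r"\s*MAC=\s*(?P<mac>[^,]+),\s*port=(?P<port>[^,]+),\s*VLAN=(?P<vlan>\d+)\s*>"
    r"\s+was\s+(?:detected|isolated)\.\s*\((?P<ts>[^)]+)\)\s*$")
TABLE_FULL = re.compile(
    r"^%\s*NFPP_ICMP_GUARD-\d-SESSION_LIMIT:\s*Attempt to exceed limit of (?P<limit>\d+) monitored hosts\.\s*$")

@dataclass
class NfppEvent:
    event: str                   # DOS_DETECTED, ISOLATED or SESSION_LIMIT
    ip: Optional[str] = None
    mac: Optional[str] = None
    port: Optional[str] = None
    vlan: Optional[int] = None
    timestamp: Optional[str] = None
    limit: Optional[int] = None  # SESSION_LIMIT only: size of the monitored host table

def parse_nfpp_line(line: str) -> Optional[NfppEvent]:
    """Return a structured event for an NFPP ICMP guard log line, or None for other lines."""
    m = HOST_EVENT.match(line.strip())
    if m:
        return NfppEvent(m["event"], ip=m["ip"], mac=m["mac"].strip(), port=m["port"],
                         vlan=int(m["vlan"]), timestamp=m["ts"])
    m = TABLE_FULL.match(line.strip())
    return NfppEvent("SESSION_LIMIT", limit=int(m["limit"])) if m else None

def summarize(lines):
    """Count detections/isolations per (IP, VLAN, port) and flag a full monitored host table."""
    hosts, table_full = {}, False
    for ev in filter(None, map(parse_nfpp_line, lines)):
        if ev.event == "SESSION_LIMIT":
            table_full = True        # new attacking hosts can no longer be tracked
            continue
        counts = hosts.setdefault((ev.ip, ev.vlan, ev.port), {"detected": 0, "isolated": 0})
        counts["detected" if ev.event == "DOS_DETECTED" else "isolated"] += 1
    return hosts, table_full

# Constructed sample lines, following the message formats printed in this section.
SAMPLE_LOG = [
    "%NFPP_ICMP_GUARD-4-DOS_DETECTED:Host<IP=1.1.1.1,MAC= N/A,port=Gi4/1,VLAN=1> was detected. (2009-07-01 13:00:00)",
    "%NFPP_ICMP_GUARD-4-ISOLATED:Host <IP=1.1.1.1, MAC= N/A,port=Gi4/1,VLAN=1> was isolated. (2009-07-01 13:00:00)",
    "% NFPP_ICMP_GUARD-4-SESSION_LIMIT: Attempt to exceed limit of 1000 monitored hosts.",
    "%SYS-5-CONFIG_I: unrelated line that the parser must ignore",
]
```

A SESSION_LIMIT event is worth alerting on separately: once the table is full, further attacking hosts are no longer tracked, so the absence of new DOS_DETECTED lines does not mean the attack has stopped.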