DES-7200 Configuration Guide Chapter 12 NFPP Configuration
12-48
0.0000.0001,port=Gi4/1,VLAN=1>. (2009-07-01 13:00:00)
The following example shows the describing information included in the sent TRAP messages:
Failed to isolate host<IP=N/A,MAC=0000.0000.0001,port=Gi4/1,VLAN=1>.
Caution
When it fails to allocate the memory to the detected attackers, it prompts the
message like “
%NFPP_DHCP_GUARD-4-NO_MEMORY: Failed to alloc memory.”
to inform the administrator.
This section shows the administrator how to configure the host-based rate-limit and attack
detection in the nfpp configuration mode and in the interface configuration mode:
Command Function
DES-7200# configure terminal
Enter the global configuration mode.
DES-7200(config)# nfpp
Enter the nfpp configuration mode.
DES-7200(config-nfpp)# dhcp-guard
rate-limit per-src-mac pps
Configure the dhcp-guard rate-limit, ranging from 1 to
9999, 5 by default.
per-src-mac: detect the hosts based on the source
MAC address/VID/port;
DES-7200(config)# dhcp-guard
attack-threshold per-src-mac pps
Configure the dhcp-guard attack threshold, ranging
from 1 to 9999, 10 by default. When the DHCP
packet number sent from a host exceeds the attack
threshold, the attack is detected and DHCP-guard
isolates the host, records the message and sends the
TRAP packet.
per-src-mac: detect the hosts based on the source
MAC address/VID/port;
DES-7200(config-nfpp)# end
Return to the privileged EXEC mode.
DES-7200# configure terminal
Enter the global configuration mode.
DES-7200(config)# interface
interface-name
Enter the interface configuration mode.