Filter
Top Products
DES-7200 Configuration Guide Chapter 12 NFPP Configuration
12-49
Command Function
DES-7200(config-if)#nfpp dhcp-guard p
olicy per-src-mac rate-limit-pps attack-thr
eshold-pps
Configure the rate-limit and attack threshold on the
specified interface.
rate-limit-pps: set the rate-limit threshold. The valid
range is 1-9999 and by default, it adopts the global
rate-limit threshold value.
attack-threshold-pps: set the attack threshold. The
valid range is 1-9999 and by default, it adopts the
global attack threshold value.
per-src-mac: to detect the hosts based on the
source MAC/VID/port;
DES-7200(config-nfpp)# end
Return to the privileged EXEC mode.
DES-7200(config-if)# show nfpp
dhcp-guard summary
Show the parameter settings.
DES-7200# copy running-config
startup-config
Save the configurations.
12.6.7 Port-based
rate-limit and
attack detection
You can configure the dhcp-guard rate limt and attack threshold on the port. The rate limit
value must be less than the attack threshold value. When the DHCP packet rate on a port
exceeds the limit, the DHCP packets are dropped. When the DHCP packet rate on a port
exceeds the attack threshold limit, the CLI prompts and the TRAP packets are sent.
It prompts the following message when the DHCP DoS attack was detected on a port:
%NFPP_DHCP_GUARD-4-PORT_ATTACKED: DHCP DoS attack was detected on port
Gi4/1. (2009-07-01 13:00:00)
The following is additional information of the sent TRAP packet :
DHCP DoS attack was detected on port Gi4/1.
This section shows the administrator how to configure the port-based rate-limit and attack
detection in the nfpp configuration mode and in the interface configuration mode:
Command Function
DES-7200# configure terminal
Enter the global configuration mode.
DES-7200(config)# nfpp
Enter the nfpp configuration mode.