DES-7200 Configuration Guide Chapter 12 NFPP Configuration
monitored-host-limit command in the nfpp configuration mode.
If the number of monitored hosts has reached the default 1000 and the administrator sets a
monitored host limit smaller than 1000, the existing monitored hosts are not deleted. The
following message is displayed to notify the administrator that the configuration is invalid
and that a part of the monitored hosts must be removed:
%ERROR: The value that you configured is smaller than current monitored hosts 1000,please clear a part of monitored hosts.
Caution
If the monitored host table is full, the following message is displayed:
% NFPP_DHCPV6_GUARD-4-SESSION_LIMIT: Attempt to exceed limit of 1000 monitored hosts.
12.7.6 Host-based rate-limit and attack detection
Host-based attacks are detected using the source MAC/VID/port-based method. For each attack
detection, you can configure the rate-limit threshold and the attack threshold (also called
the warning threshold). DHCPv6 packets are dropped when the packet rate exceeds the rate-limit
threshold. When the DHCPv6 packet rate exceeds the warning threshold, warning messages are
displayed and a TRAP message is sent.
The following message is displayed when a DHCPv6 DoS attack is detected:
%NFPP_DHCPV6_GUARD-4-DOS_DETECTED:Host<IP=N/A,MAC=0000.0000.0001,port=Gi4/1,VLAN=1> was detected. (2009-07-01 13:00:00)
The TRAP message that is sent carries the following description:
DHCPV6 DoS attack from host<IP=N/A,MAC=0000.0000.0001,port=Gi4/1,VLAN=1> was detected.
If the administrator has not set the isolated time to 0, the following message is displayed
when the hardware isolation succeeds:
%NFPP_DHCPV6_GUARD-4-ISOLATED:Host <IP= N/A,MAC=0000.0000.0001,port=Gi4/1,VLAN=1> was isolated. (2009-07-01 13:00:00)
The TRAP message that is sent carries the following description:
Host<IP=N/A,MAC=0000.0000.0001,port=Gi4/1,VLAN=1> was isolated.
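As an added example (not part of the DES-7200 guide or the device software), the Python code below parses the DOS_DETECTED and ISOLATED messages shown above from collected syslog and lists hosts that were detected as attack sources but never reported as isolated, which is what the log shows when the isolated time is 0 or the hardware isolation does not succeed. The function names and the third sample line are assumptions made for this illustration.

```python
import re
from datetime import datetime

# Matches the DOS_DETECTED and ISOLATED messages quoted in the guide. Optional
# whitespace is tolerated because the guide prints both "Host<" and "Host <".
HOST_EVENT = re.compile(
    r"%NFPP_DHCPV6_GUARD-\d-(?P<event>DOS_DETECTED|ISOLATED):\s*Host\s*"
    r"<(?P<fields>[^>]*)>\s*was\s+(?:detected|isolated)\.\s*"
    r"\((?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\)")

def parse_host_event(line):
    """Return a dict for a DOS_DETECTED/ISOLATED message, or None for any other line."""
    m = HOST_EVENT.search(line)
    if m is None:
        return None
    pairs = (p.partition("=") for p in m.group("fields").split(","))
    f = {k.strip().lower(): v.strip() for k, _, v in pairs}
    return {
        "event": m.group("event"),
        "ip": None if f.get("ip") == "N/A" else f.get("ip"),
        "mac": f.get("mac"),
        "port": f.get("port"),
        "vlan": int(f["vlan"]) if f.get("vlan", "").isdigit() else None,
        "time": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
    }

def detected_not_isolated(lines):
    """Map (MAC, VLAN, port) -> first detection time for hosts never reported isolated."""
    pending = {}
    for line in lines:
        ev = parse_host_event(line)
        if ev is None:
            continue
        key = (ev["mac"], ev["vlan"], ev["port"])  # the guide's MAC/VID/port host identity
        if ev["event"] == "DOS_DETECTED":
            pending.setdefault(key, ev["time"])
        else:
            pending.pop(key, None)
    return pending

# Constructed sample: lines 1, 2 and 4 follow the guide's messages, line 3 is made up.
SAMPLE = [
    "%NFPP_DHCPV6_GUARD-4-DOS_DETECTED:Host<IP=N/A,MAC=0000.0000.0001,port=Gi4/1,VLAN=1> was detected. (2009-07-01 13:00:00)",
    "%NFPP_DHCPV6_GUARD-4-ISOLATED:Host <IP= N/A,MAC=0000.0000.0001,port=Gi4/1,VLAN=1> was isolated. (2009-07-01 13:00:00)",
    "%NFPP_DHCPV6_GUARD-4-DOS_DETECTED:Host<IP=N/A,MAC=0000.0000.0002,port=Gi4/2,VLAN=1> was detected. (2009-07-01 13:05:00)",
    "% NFPP_DHCPV6_GUARD-4-SESSION_LIMIT: Attempt to exceed limit of 1000 monitored hosts.",
]

if __name__ == "__main__":
    for host, when in detected_not_isolated(SAMPLE).items():
        print(host, "detected at", when, "with no isolation message")
```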
When the hardware isolation fails due to a lack of memory or hardware resources, the
following message is displayed: