Filter
Top Products
DES-7200 Configuration Guide Chapter 12 NFPP Configuration
12-67
12.8.4.1 Showing ND-guard configuration
Use this command to show the ND-guard configurations.
Command Function
DES-7200# show nfpp nd-guard
summary
Show the ND-guard configurations.
For example,
DES-7200# show nfpp nd-guard summary
(Format of column Rate-limit and Attack-threshold is NS-NA/RS/RA-REDIRECT.)
Interface Status Rate-limit Attack-threshold
Global Enable 20/5/10 40/10/20
G 0/1 Enable 15/15/15 30/30/30
G 0/2 Disable -/5/30 -/10/50
Note
Field Description
Interface Global refers to the global configuration.
Status Enable/disable the arp-guard.
Rate-limit In the format of NS-NA rate-limit threshold / RS
rate-limit threshold / RA-redirect rate-limit
threshold.
Attack-threshold In the same format of the Rate-limit.
- No configuration.
12.9 Defined-guard
12.9.1 Defined-guard
Overview
There are a great variety of network protocols, including such routing protocols as OSPF, BGP,
RIP and etc. Protocol communication is realized by exchanging packets between different
devices, and the exchange packets must be delivered to the CPU in order to be processed by
respective protocols. Once a protocol is running on the network device, a "window" is opened
to potential attackers. If the attacker sends excessive protocol packets to the network device,
the CPU resource of the device will be heavily consumed, and the device may not work
properly.