DES-7200 Configuration Guide Chapter 12 NFPP Configuration
12-75
To restore the maximum number of monitored hosts to default value, execute "no
monitored-host-limit" command in NFPP defined guard configuration mode.
If the maximum number of monitored hosts has reached the default value of 1000 and the
administrator configures a value lower than 1000 by this time, the existing hosts being
monitored won't be deleted, but the following message will be displayed to remind the
administrator to clear a certain part of monitored hosts in order to effect the configuration:
"%ERROR: The value that you configured is smaller than current monitored hosts 1000
(number of monitored hosts configured), please clear a part of monitored hosts."
Caution
When the table of monitored hosts is full, the following
message will be displayed to remind the administrator: "%
NFPP_DEFINE-4-SESSION_LIMIT: Attempt to exceed limit
of name (name of defined guard type)'s 1000 (number of
monitored hosts configured) monitored hosts."
12.9.1.6 Configuring the Trusted Hosts Exempt from Monitoring
If the administrator expects not to monitor a host (i.e., the host is trusted), the command can
be configured. IP packets from trusted hosts are allowed to be sent to the CPU. Trusted hosts
can only be added after configuring the match rule.
Command Function
DES-7200#configure terminal
Enter global configuration mode.
DES-7200(config)#nfpp
Enter NFPP configuration mode.
DES-7200(config-nfpp)#define
name
Enter NFPP defined guard configuration mode
DES-7200(config-nfpp-define)#trus
ted-host {mac mac_mask | ip ma
sk | IPv6/prefixlen}
Configure trusted hosts exempt from monitoring.
You can configure up to 500 entries.
DES-7200(config-nfpp-define)#end
Return to privileged mode.
DES-7200# show nfpp define
trusted-host name
Display the trusted hosts configured.
DES-7200#copy running-config
startup-config
Save configurations.
In NFPP defined guard configuration mode, execute the corresponding "no" command to
delete one entry of trusted host. Use "no" form of this command and "all" option to delete all
trusted hosts.
To delete all trusted hosts:
DES-7200(config-nfpp-define)# no trusted-host all