Filter
Top Products
DES-7200 Configuration Guide Chapter 12 NFPP Configuration
12-80
Caution
The priority of source MAC/VID/port based rate limiting is
higher than that of source IP/VID/port based rate limiting.
The policy of port-based host detection shall be same with
the global policy.
If per-src-ip policy is not configured globally, when
configuring per-src-ip policy on the port, the following
message will be displayed to remind the administrator that
the configuration has failed: "%ERROR: name (name of
defined guard) has not per-src-ip policy."
If per-src-mac policy is not configured globally, when
configuring per-src-mac policy on the port, the following
message will be displayed to remind the administrator that
the configuration has failed: "%ERROR: name (name of
defined guard) has not per-src-mac policy."
When it is unable to allocate memory for the attacker
detected, the following message will be displayed to remind
the administrator:
"%NFPP_DEFINE_GUARD-4-NO_MEMORY: Failed to
allocate memory."
12.9.1.8 Port-based rate-limit and attack detection
You can configure port-based rate-limiting threshold and attack threshold for the guard policy,
and the rate-limiting threshold shall be lower than the attack threshold. When the data rate of
defined type of packets from certain port exceeds the rate-limiting threshold, the excessive
packets will be discarded. If the data rate of defined type of packets from certain port exceeds
the attack threshold, the port will be logged and the Trap will be sent as well.
When the port is subject to ARP DoS attack, the following alert message will be displayed:
%NFPP_DEFINE_GUARD-4-PORT_ATTACKED: name (name of defined guard) DoS attack
was detected on port Gi4/1. (2009-07-01 13:00:00)
The Traps sent will include the following descriptive information:
Name (name of defined guard) DoS attack was detected on port Gi4/1.
The administrator can configure in NFPP defined guard configuration mode and interface
configuration mode:
Command Function
DES-7200#configure terminal
Enter global configuration mode.
DES-7200(config)#nfpp
Enter NFPP configuration mode.