DES-7200 Configuration Guide Chapter 12 NFPP Configuration
12-82
DES-7200(config-if)#nfpp define
name policy per-port rate-limit-pps
attack-threshold-pps
The local rate-limiting threshold and attack
threshold configured will only apply to the
associated port.
per-port means to take data rate statistics as
per the physical port receiving packets.
Rate-limit-pps means the rate-limiting
threshold (1-9999). By default, no rate limiting
will be implemented. Packets exceeding the
rate-limiting threshold will be discarded.
Attack-threshold-pps means the attack
threshold (1-9999). When the packets of
defined type exceed the attack threshold, an
attack is considered existing and will be
logged. The traps will be sent.
By default, no rate limiting will be
implemented.
The attack threshold must be greater than or
equal to the rate-limiting threshold.
DES-7200(config-if)#end
Return to privileged mode.
DES-7200#show nfpp define
summary name
Verify configurations.
DES-7200#copy running-config
startup-config
Save configurations.
Caution
The priority of host-based rate limiting is higher than that of
port-based rate limiting.
If per-port policy is not configured globally, when configuring
per-port policy on the port, the following message will be
displayed to remind the administrator that the configuration
has failed: "%ERROR: name (name of defined guard) has not
per-port policy."
12.9.1.9 Applying Defined-guard
The administrator can apply defined guard in NFPP configuration mode or interface
configuration mode. This feature is disabled by default.