UMN:CLI
User Manual
V8102
466
slow down or to time out. The V8102 provides the attack guard function that controls traf-
fic for a specified port by threshold value. The threshold (%) rate of attack guard is based
on the number of packets per second (pps) that is calculated by 64-byte frame size. If the
number of incoming packets exceeds a given threshold, the system can shut down the
port or generate SNMP trap messages for warning when attack guard function is enabled
on this port. If the threshold (%) comes down to a given low threshold, it generates traps.
You can specify the packet type, a high threshold value and a low threshold for a port.
To enable/disable the attack guard function, use the following command.
Command
Mode
Description
attack-guard
{
broadcast
|
multicast
|
unicast
} <0-100>
<0-100> [
PORTS
]
Interface
[XE/GE/GPON/CG]
Enables the attack guard function according to its
packet type and sets the threshold.
PORTS: port number
0-100: high rate threshold percent (default: 80%)
0-100: low rate threshold percent (default: 20%)
no attack-guard
{
broadcast
|
multicast
|
unicast
} [
PORTS
]
Disable the attack guard function.
If the high threshold is set to 85% for 1G Ethernet port, the V8102 monitors the number of
configured packet type. The number of those packets exceeds 1,264,880 pps
(=14,880,95 * 0.85), the shutdown/trap action will be performed.
To determine the policy to take action when the incoming broadcast/multicast/unicast
packets exceed the configured threshold, use the following command.
Command
Mode
Description
attack-guard action shutdown
[
PORTS
]
Interface
[XE/GE/GPON/CG]
Shuts down the port if the amount of traffic ex-
ceeds a high threshold.
attack-guard
action
trap
[
PORTS
]
Generates a trap message when the amount of
traffic exceeds a high threshold.
no attack-guard action
{
shut-
down
|
trap
} [
PORTS
]
Disables the shutdown action or trap action on a
port when the attack guard function is enabled.
To display the attack guard configuration, use the following command.
Command
Mode
Description
show attack-guard
Enable
Interface
[XE/GE/GPON/CG]
Displays the attack guard configuration.
i