FAQ-What Measures Does MA5200G Have to Prevent Attacks from Users

Publication Date:  2012-07-27
Issue Description
Q:
What measures does the MA5200G have to prevent attacks from users?
Alarm Information
Null
Handling Process
A: The MA5200G usually uses the following methods against attacks:
1. eacl
Configure an EACL for the ucl-group and intergroup that the user belongs to, denying the port numbers commonly used by viruses (similar to attack prevention on a network).
2. host-car
host-car is configured on the BAS interface. The default is level 0, and it is configurable. When a VLAN user under the BAS interface sends more packets to the MA5200G than the ceiling, the excess packets are discarded.
[MA5200G_BAS]disp bas-inter ether 6/0/11.1                                
Access type                            : Layer2-subscriber                    
BASIF state                            : Updated                              
BASIF name                             : -                                    
Pre-authentication default domain      : lsw11_pre                            
Authentication default domain          : web                                  
Replace authentication domain forcibly : replace                              
Roam domain                            : default1                             
Accounting copy RADIUS server          : -                                    
Authentication method                  : [ppp] [web]                          
Nas port type                          : ethernet (15)                        
Client option82                        : Off                                  
DHCP broadcast                         : Off                                  
IP trigger                             : On                                   
IPTN                                   : Off                                  
Vpn Instance                           : --                                   
ARP proxy                              : Off                                  
ARP detect interval                    : 30 (s)                               
ARP detect retransmit times            : 5                                    
Host car level                         : 0                                    
Dot1x authentication trigger           : Off                                  
WLAN type                              : -
DHCP short lease                       : -
[MA5200G_BAS]disp host-car 0                                                
Host-car level 0   :(kbps)                                                    
State              : Updated                                                  
Average-rate       :   1024                                                   
Peak-rate          :   5120         
3. system-bucket
system-bucket applies to each service board. If the packets sent to the MA5200G by users under an LPU exceed the threshold set by system-bucket, they are discarded.
[MA5200G_BAS]disp system-bucket                                             
#The slot number:   1                                                          
#The token ID:   1                                                             
The time of the last packets arrive:30739208                                   
The number of present tokens: 32674                                            
The traffic rate of the token:  32K                                            
The height of the token bucket:32768                                           
The number of the discarded packets:  10                                       
#The token ID:   2                                                             
The time of the last packets arrive:   0                                       
The number of present tokens: 32768                                            
The traffic rate of the token:  32K                                            
The height of the token bucket:32768                                           
The number of the discarded packets:   0                                       
Both host-car and system-bucket have default values, and it is not necessary to adjust them.
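To check which token buckets have actually discarded packets, the `disp system-bucket` output can be parsed and its discard counters inspected. The following is an added example, not Huawei's code: the function names are hypothetical, and the sample input is the output shown above on this page.

```python
import re

# Sample input: the `disp system-bucket` output shown above on this page.
SAMPLE = """\
#The slot number:   1
#The token ID:   1
The time of the last packets arrive:30739208
The number of present tokens: 32674
The traffic rate of the token:  32K
The height of the token bucket:32768
The number of the discarded packets:  10
#The token ID:   2
The time of the last packets arrive:   0
The number of present tokens: 32768
The traffic rate of the token:  32K
The height of the token bucket:32768
The number of the discarded packets:   0
"""

FIELDS = {  # output label -> key in the parsed record
    "The number of present tokens": "tokens",
    "The height of the token bucket": "height",
    "The number of the discarded packets": "discarded",
}

def parse_system_bucket(text):
    """Return one dict per token bucket: slot, token_id, tokens, height, discarded."""
    buckets, slot = [], None
    for line in text.splitlines():
        m = re.match(r"\s*#?\s*(.+?)\s*:\s*(\S+)\s*$", line)
        if not m:
            continue  # prompt line, blank line, or anything unrecognised
        label, value = m.groups()
        if label == "The slot number":
            slot = int(value)
        elif label == "The token ID":
            buckets.append({"slot": slot, "token_id": int(value)})
        elif label in FIELDS and buckets and value.isdigit():
            buckets[-1][FIELDS[label]] = int(value)
    return buckets

def buckets_with_drops(buckets):
    """Buckets whose discard counter is non-zero, i.e. the threshold was exceeded."""
    return [(b["slot"], b["token_id"], b["discarded"])
            for b in buckets if b.get("discarded", 0) > 0]

if __name__ == "__main__":
    for slot, token_id, dropped in buckets_with_drops(parse_system_bucket(SAMPLE)):
        print(f"slot {slot} token {token_id}: {dropped} packets discarded")
```

Comparing the discard counters between two captures taken some time apart shows whether a bucket is still dropping traffic or only did so in the past.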
Root Cause
Null
Suggestions
Null
