No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CX11x, CX31x, CX710 (Earlier Than V6.03), and CX91x Series Switch Modules V100R001C10 Configuration Guide 13

The documents describe the configuration of various services supported by the CX11x&CX31x&CX91x series switch modules The description covers configuration examples and function configurations.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Default Configuration

Default Configuration

This section provides the default configuration of local attack defense. You can change the configuration as required.

Table 12-17 and Table 12-18 list the default configuration of local attack defense.

Table 12-17 Default configuration of CPU attack defense

Parameter

Default Setting

CPU attack defense policy

CPU attack defense policy named devicename-default

Blacklist

None

CAR value

By default, the device for packets sent to the CPU by devicename-default policy default speed limit value, to check the CAR value, run the display cpu-defend configuration command.

Limit on the number of packets sent to the CPU

A maximum of 5120 packets can be sent to the CPU of the device per second.

Table 12-18 Default configuration of attack source tracing

Parameter

Default Setting

Attack defense policy

Attack defense policy named devicename-default

Automatic attack source tracing

Disabled

Threshold for attack source tracing

128 pps

Packet sampling ratio for attack source tracing

8

Attack source tracing mode

Attack source tracing based on source MAC addresses and source IP addresses

Types of traced packets

ARP, DHCP, DHCPv6, ICMP, ICMPv6, MLD, ND, IGMP, and TTL-expired packets

Whitelist

None

Alarm function for attack source tracing

Disabled

Alarm threshold for attack source tracing

128 pps

Punishment for attack source tracing

Disabled

Translation
Download
Updated: 2019-12-13

Document ID: EDOC1000041694

Views: 59969

Downloads: 3623

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next