S600-E V200R019C10 Configuration Guide - Security
This document describes the configurations of Security, including ACL, Local Attack Defense, MFF, Attack Defense, Traffic Suppression and Storm Control, ARP Security, Port Security, DHCP Snooping, ND Snooping, IPv6 RA Guard, PPPoE+, IPSG, SAVI, PKI, OLC, Separating the Management Plane from the Service Plane, and Security Risks.
Summary of Local Attack Defense Configuration Tasks
Table 3-5 lists the tasks for configuring local attack defense.
Scenario | Tasks |
---|---|
When configuring CPU attack defense, create an attack defense policy first. The other tasks can be performed in any sequence and can be selected as required. An attack defense policy takes effect only after it is applied to an object. There is no limitation on when the attack defense policy is applied. Creating an Attack Defense Policy |
|
When configuring attack source tracing, create an attack defense policy first and enable the attack source tracing function (enabled by default). The other tasks can be performed in any sequence and can be selected as required. An attack defense policy takes effect only after it is applied to an object. There is no limitation on when the attack defense policy is applied. Creating an Attack Defense Policy Enabling Attack Source Tracing Configuring the Threshold for Attack Source Tracing Setting the Packet Sampling Ratio for Attack Source Tracing Configuring an Attack Source Tracing Mode Configuring the Types of Traced Packets Configuring a Whitelist for Attack Source Tracing Configuring Event Reporting Function |
|
When configuring port attack defense, create an attack defense policy first and enable the port attack defense function (enabled by default). The other tasks can be performed in any sequence and can be selected as required. An attack defense policy takes effect only after it is applied to an object. There is no limitation on when the attack defense policy is applied. Creating an Attack Defense Policy Specifying the Protocols to Which Port Attack Defense Is Applied Setting the Rate Threshold for Port Attack Defense Setting the Sampling Ratio for Port Attack Defense Setting the Aging Time for Port Attack Defense Configuring the Whitelist for Port Attack Defense |