The anti-attack flood blacklist enable command enables the flood blacklist function.
The undo anti-attack flood blacklist enable command disables the flood blacklist function.
By default, the flood blacklist function is disabled.
anti-attack flood { arp | dhcp | dhcpv6 | igmp | mdns | nd | other-broadcast | other-multicast } blacklist enable
undo anti-attack flood { arp | dhcp | dhcpv6 | igmp | mdns | nd | other-broadcast | other-multicast } blacklist enable
Parameter |
Description |
Value |
|---|---|---|
arp |
Indicates whether to enable the ARP flood blacklist function. |
- |
dhcp |
Indicates whether to enable the DHCP flood blacklist function. |
- |
dhcpv6 |
Indicates whether to enable the DHCPv6 flood blacklist function. |
- |
igmp |
Indicates whether to enable the IGMP flood blacklist function. |
- |
mdns |
Indicates whether to enable the mDNS flood blacklist function. |
- |
nd |
Indicates whether to enable the ND flood blacklist function. |
- |
other-broadcast |
Indicates whether to enable the flood blacklist function for broadcast packets other than ARP, DHCP, DHCPv6, and ND packets. |
- |
other-multicast |
Indicates whether to enable the flood blacklist function for multicast packets other than IGMP and mDNS packets. |
- |
Usage Scenario
After the protocol-based flood blacklist function is enabled, the device considers traffic of a specified protocol (such as DHCP or ARP) with a rate higher than that specified in anti-attack flood sta-rate-threshold a flood attack and adds the STA to the blacklist.
Prerequisites
The flood prevention function has been enabled using the undo anti-attack flood disable command.