The anti-attack flood sta-rate-threshold command sets the flood threshold.
The undo anti-attack flood sta-rate-threshold command restores the default flood threshold.
The default flood threshold is 4 pps for ARP, DHCP, DHCPv6, IGMP, and mDNS packets, 8 pps for ND packets, 10 pps for broadcast packets other than ARP, DHCP, DHCPv6, and ND packets, and 10 pps for multicast packets other than IGMP and mDNS packets.
anti-attack flood { arp | dhcp | dhcpv6 | igmp | mdns | nd | other-broadcast | other-multicast } sta-rate-threshold sta-rate-threshold
undo anti-attack flood { arp | dhcp | dhcpv6 | igmp | mdns | nd | other-broadcast | other-multicast } sta-rate-threshold
| Parameter | Description | Value |
|---|---|---|
| arp | Specifies ARP packets. | - |
| dhcp | Specifies DHCP packets. | - |
| dhcpv6 | Specifies DHCPv6 packets. | - |
| igmp | Specifies IGMP packets. | - |
| mdns | Specifies mDNS packets. | - |
| nd | Specifies ND packets. | - |
| other-broadcast | Specifies broadcast packets other than ARP, DHCP, DHCPv6, and ND packets. | - |
| other-multicast | Specifies multicast packets other than IGMP and mDNS packets. | - |
| sta-rate-threshold | Specifies the rate threshold of broadcast traffic from STAs. | The value is an integer that ranges from 1 to 5000, in pps. |
Usage Scenario
After the flood prevention function is enabled, you can set the broadcast traffic threshold.
When the traffic rate from a STA exceeds the threshold, the device considers that the STA is launching a flood attack and discards the traffic. This prevents the upper-layer network from being affected by the flood.
If the flood blacklist function is enabled using the anti-attack flood blacklist enable command, the device also adds the flooding STAs to the blacklist.
Prerequisites
The flood prevention function has been enabled using the undo anti-attack flood disable command.
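The following is an added example, not vendor code: a way to check per-STA packet rates from a capture against the default thresholds listed above before choosing new values, and to render a range-checked command line. The record format, the function names, and the use of fixed one-second buckets to approximate the device's rate measurement are assumptions.

```python
from collections import Counter

# Default thresholds in pps, as listed in this command reference.
DEFAULT_PPS = {"arp": 4, "dhcp": 4, "dhcpv6": 4, "igmp": 4, "mdns": 4,
               "nd": 8, "other-broadcast": 10, "other-multicast": 10}

def build_command(ptype, value):
    """Render one command line after checking type and the 1-5000 pps range."""
    if ptype not in DEFAULT_PPS:
        raise ValueError(f"unknown packet type {ptype!r}")
    if isinstance(value, bool) or not isinstance(value, int) or not 1 <= value <= 5000:
        raise ValueError(f"sta-rate-threshold must be an integer 1-5000, got {value!r}")
    return f"anti-attack flood {ptype} sta-rate-threshold {value}"

def peak_pps(records):
    """Return {(sta, ptype): highest packet count seen in any one-second bucket}.
    Assumption: fixed one-second buckets stand in for the device's rate
    measurement, which this page does not describe.
    """
    buckets = Counter()
    for ts, sta, ptype in records:
        if ptype not in DEFAULT_PPS:
            raise ValueError(f"unknown packet type {ptype!r}")
        buckets[(sta, ptype, int(ts))] += 1
    peaks = {}
    for (sta, ptype, _second), count in buckets.items():
        peaks[(sta, ptype)] = max(peaks.get((sta, ptype), 0), count)
    return peaks

def flagged_stas(records, overrides=None):
    """Return sorted (sta, ptype, peak, threshold) rows whose peak exceeds the threshold."""
    thresholds = dict(DEFAULT_PPS)
    for ptype, value in (overrides or {}).items():
        build_command(ptype, value)  # reuse the validation; raises on bad input
        thresholds[ptype] = value
    return sorted((sta, ptype, peak, thresholds[ptype])
                  for (sta, ptype), peak in peak_pps(records).items()
                  if peak > thresholds[ptype])

# Constructed sample records: (timestamp in seconds, STA MAC, packet type).
SAMPLE = (
    [(10.0 + i * 0.1, "02:00:00:00:00:01", "arp") for i in range(6)]      # 6 ARP in one second
    + [(10.0 + i * 0.3, "02:00:00:00:00:02", "arp") for i in range(3)]    # 3 ARP in one second
    + [(11.0 + i * 0.1, "02:00:00:00:00:02", "mdns") for i in range(5)]   # 5 mDNS in one second
)

if __name__ == "__main__":
    for row in flagged_stas(SAMPLE):
        print("would exceed threshold:", row)
```

Rows returned for ordinary clients, such as a STA sending a short mDNS burst, indicate that the threshold for that packet type may be too low for the network.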