< Home

anti-attack fragment car

Function

The anti-attack fragment car command sets the rate limit of packet fragments.

The undo anti-attack fragment car command restores the rate limit of packet fragments.

By default, the rate limit of packet fragments is 155000000 bit/s.

Format

anti-attack fragment car cir cir

undo anti-attack fragment car

Parameters

Parameter

Description

Value
cir cir

Specifies the committed information rate (CIR) of packet fragments.

The value is an integer that ranges from 8000 to 155000000, in bit/s.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After defense against packet fragment attacks is enabled, run the anti-attack fragment car command to set the rate limit of packet fragments. If the rate of received packet fragments exceeds the rate limit, the device discards excess packet fragments to ensure that the device CPU works properly.

Prerequisites

Defense against packet fragment attacks has been enabled using the anti-attack fragment enable command.

Example

# Set the rate limit of packet fragments to 8000 bit/s.

<HUAWEI> system-view
[HUAWEI] anti-attack fragment enable
[HUAWEI] anti-attack fragment car cir 8000
Parent Topic: Attack Defense Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >