The auto-port-defend aging-time command configures the aging time for port attack defense.
The undo auto-port-defend aging-time command restores the default aging time for port attack defense.
By default, the aging time for port attack defense is 300 seconds.
Parameter | Description | Value |
---|---|---|
aging-time time | Specifies the aging time for port attack defense. | The value is an integer in the range 30 to 86400 and must be a multiple of 10. The unit is seconds. |
Usage Scenario
After a device with the port attack defense function enabled detects an attack on a port, the device traces the source and limits the rate of the attack packets on the port within the aging time (T seconds). When the aging time expires, the device calculates the protocol packet rate on the port again. If the rate is still above the protocol rate threshold, the device keeps tracing the source and limiting the rate of the attack packets; otherwise, the device stops both operations.
If the aging time is too short, the device frequently starts packet rate detection on ports, which consumes CPU resources. If the aging time is too long, protocol packets cannot be promptly processed by the CPU, which affects services. Therefore, you need to run the auto-port-defend aging-time command to set an appropriate aging time according to the CPU usage and service status.
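The trade-off described above can be made concrete with a small model. This is an added example, not vendor code: the traffic trace, the threshold of 100 pps, and the function names are constructed assumptions, and the model only follows the re-check loop as this section describes it.

```python
def validate_aging_time(seconds):
    """Enforce the documented range: integer, 30..86400, multiple of 10."""
    if not isinstance(seconds, int) or not 30 <= seconds <= 86400 or seconds % 10:
        raise ValueError(f"invalid aging time: {seconds!r}")
    return seconds

def build_trace(total=5000, start=100, duration=1000, attack=500, normal=10):
    """Constructed per-second protocol packet rate (pps) arriving on one port."""
    return [attack if start <= t < start + duration else normal
            for t in range(total)]

def simulate(trace, threshold, aging_time):
    """Return (rechecks, limited_seconds) for one port.

    rechecks        -- rate calculations triggered by aging-time expiry
    limited_seconds -- seconds during which the rate limit was in force
    """
    validate_aging_time(aging_time)
    rechecks = 0
    limited = 0
    expires = None                      # second at which the aging time ends
    for t, rate in enumerate(trace):
        if expires is None:
            if rate > threshold:        # attack detected: start limiting
                expires = t + aging_time
        elif t == expires:              # aging time expired: measure again
            rechecks += 1
            expires = t + aging_time if rate > threshold else None
        if expires is not None:
            limited += 1
    return rechecks, limited

if __name__ == "__main__":
    THRESHOLD = 100                     # assumed protocol rate threshold (pps)
    trace = build_trace()
    attack_seconds = sum(rate > THRESHOLD for rate in trace)
    for aging in (30, 300, 3600):
        rechecks, limited = simulate(trace, THRESHOLD, aging)
        print(f"aging-time {aging:>4}: {rechecks:>2} re-checks, "
              f"limit held {limited - attack_seconds} s after the attack ended")
```

For the constructed 1000-second attack, the shortest setting re-measures the port 34 times, while the longest measures once but keeps the limit in place long after traffic has returned to normal.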
Prerequisites
The port attack defense function has been enabled using the auto-port-defend enable command.
Precautions
If you run the auto-port-defend aging-time command multiple times in the same attack defense policy view, only the latest configuration takes effect.