The auto-port-defend sample command sets the protocol packet sampling ratio for port attack defense.
The undo auto-port-defend sample command restores the default protocol packet sampling ratio for port attack defense.
By default, the protocol packet sampling ratio for port attack defense is 5. That is, one packet is sampled out of every 5 packets received.
Parameter | Description | Value |
---|---|---|
sample sample-value | Specifies the protocol packet sampling ratio for port attack defense. | The value is an integer that ranges from 1 to 1024. |
Usage Scenario
A device with port attack defense enabled identifies attacks by analyzing sampled packets. There may be errors in attack packet identification or packet rate calculation. Errors influence the attack defense effect. An appropriate sampling ratio helps you control attack defense accuracy.
A small sampling ratio improves attack defense accuracy, but consumes more CPU resources. When the sampling ratio is set to 1, the device analyzes every packet. Attack packets can be detected quickly, but CPU usage becomes high and services are affected. Therefore, balance the attack defense requirement against CPU usage when deciding on a sampling ratio.
Prerequisites
The port attack defense function has been enabled using the auto-port-defend enable command.
Precautions
If the protocol packet rate threshold for port attack defense is set to a small value, the attack identification error caused by the packet sampling ratio is large.
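
The accuracy trade-off in the usage scenario and the precaution about small thresholds can be seen in a short simulation. This is an added example, not vendor code: it assumes a simple model in which the device samples every Nth packet with a free-running counter, estimates the one-second rate as samples × N, and flags an attack when the estimate exceeds the threshold. The function names and the threshold values are constructed for illustration.

```python
# Added illustration, not vendor code. Assumed model: the device samples every
# `ratio`-th packet with a free-running counter, estimates the one-second rate
# as samples * ratio, and flags an attack when the estimate exceeds the threshold.

def estimated_rate(true_pps, ratio, phase=0):
    """Estimated pps when the sampling counter starts at `phase` (0..ratio-1)."""
    samples = (true_pps + phase) // ratio
    return samples * ratio

def estimate_range(true_pps, ratio):
    """(min, max) estimate over every possible counter phase."""
    estimates = [estimated_rate(true_pps, ratio, p) for p in range(ratio)]
    return min(estimates), max(estimates)

def uncertain_band(threshold, ratio):
    """True rates for which the verdict depends on the counter phase.

    Returns (lowest rate that can be flagged, lowest rate that is always flagged).
    """
    rate = 1
    while estimate_range(rate, ratio)[1] <= threshold:
        rate += 1
    can_flag = rate
    while estimate_range(rate, ratio)[0] <= threshold:
        rate += 1
    return can_flag, rate

def band_width_percent(threshold, ratio):
    """Width of the uncertain band relative to the threshold, in percent."""
    low, high = uncertain_band(threshold, ratio)
    return 100.0 * (high - low) / threshold

if __name__ == "__main__":
    # Constructed thresholds (pps) and ratios; 5 is the default ratio on this page.
    for threshold in (12, 1000):
        for ratio in (1, 5, 64):
            low, high = uncertain_band(threshold, ratio)
            print(f"threshold={threshold:5d} ratio={ratio:3d} "
                  f"uncertain rates {low}..{high} "
                  f"({band_width_percent(threshold, ratio):.1f}% of threshold)")
```

Under this model, a ratio of 5 leaves a band of about 33% of a 12 pps threshold where the verdict depends on timing, but only 0.4% of a 1000 pps threshold; a ratio of 1 removes the band entirely at the cost of analyzing every packet.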