The cpu-defend host-car enable command enables user-level rate limiting.
The undo cpu-defend host-car enable command disables user-level rate limiting.
By default, user-level rate limiting is enabled.
Only the S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-HI, S6730-H, S6730S-H, S6730-S, and S6730S-S support this command.
Usage Scenario
User-side hosts are prone to virus attacks. Infected hosts may send a large number of protocol packets to network devices, causing high CPU usage and degraded performance on the devices and affecting services. You can configure user-level rate limiting to resolve this problem. User-level rate limiting identifies users by their MAC addresses and limits the rates of specified packets for both wired and wireless users. By default, the threshold for each user MAC address is 10 pps.
User-level rate limiting is more precise than CPCAR (based on switches) and port attack defense (based on interfaces) because it is user-specific, and it has little impact on online users.
Precautions
During user-level rate limiting, the system performs a hash calculation on the source MAC addresses of the specified packets and places the packets into different buckets according to the result. Users whose MAC addresses fall into the same bucket therefore share one rate limit, and when the traffic volume on the network is heavy, their packets may be dropped. If you confirm that these users are authorized, run the cpu-defend host-car mac-address mac-address command to increase the rate threshold for the specified MAC addresses.
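
The bucket sharing described under Precautions, as an added sketch that is not Huawei's implementation or code from this page. The XOR hash, the bucket count of 8, the sample MAC addresses, the 20 pps override and the modelling of a raised per-MAC threshold as a separate limiter are all assumptions; only the 10 pps default comes from the text.

```python
from collections import Counter
from functools import reduce

DEFAULT_PPS = 10   # default per-MAC threshold stated on the page
NUM_BUCKETS = 8    # assumption: the device's real bucket count is not given

def bucket_of(mac):
    """Assumed hash: XOR of the six MAC bytes, modulo the bucket count."""
    octets = bytes.fromhex(mac.replace("-", ""))
    return reduce(lambda a, b: a ^ b, octets) % NUM_BUCKETS

def police_one_second(packets, overrides=None):
    """packets: source MACs in arrival order within one second.
    overrides: {mac: pps}, modelling a raised per-MAC threshold as a
    separate limiter (assumption). Returns (passed, dropped) Counters."""
    overrides = overrides or {}
    used = Counter()                  # packets admitted per limiter key
    passed, dropped = Counter(), Counter()
    for mac in packets:
        if mac in overrides:
            key, limit = ("mac", mac), overrides[mac]
        else:
            key, limit = ("bucket", bucket_of(mac)), DEFAULT_PPS
        if used[key] < limit:
            used[key] += 1
            passed[mac] += 1
        else:
            dropped[mac] += 1
    return passed, dropped

# Constructed sample MACs (RFC 7042 documentation range).
INFECTED = "00-00-5e-00-53-09"    # floods protocol packets
AUTHORIZED = "00-00-5e-00-53-01"  # same bucket as INFECTED under this hash
BYSTANDER = "00-00-5e-00-53-02"   # lands in a different bucket

def sample_traffic():
    """Five rounds: 40 packets from INFECTED, then one from each other host."""
    return ([INFECTED] * 40 + [AUTHORIZED, BYSTANDER]) * 5

if __name__ == "__main__":
    for overrides in (None, {AUTHORIZED: 20}):
        passed, dropped = police_one_second(sample_traffic(), overrides)
        for mac in (INFECTED, AUTHORIZED, BYSTANDER):
            print(overrides, mac, "bucket", bucket_of(mac),
                  "passed", passed[mac], "dropped", dropped[mac])
```

Without an override, the authorized host loses every packet because the infected host exhausts the shared bucket first; the bystander in another bucket is unaffected.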