
Summary of Local Attack Defense Configuration Tasks

Table 1 lists the tasks for configuring local attack defense.

Table 1 Local attack defense configuration tasks
Scenario Tasks

Configuring CPU Attack Defense

When configuring CPU attack defense, create an attack defense policy first. The other tasks can be performed in any sequence and can be selected as required. An attack defense policy takes effect only after it is applied to an object. There is no limitation on when the attack defense policy is applied.

Creating an Attack Defense Policy

Configuring a Blacklist

Configuring a User-Defined Flow

Configuring a Rule for Sending Packets to the CPU

Configuring Dynamic CPCAR Adjustment for Protocol Packets

Configuring Adaptive CPCAR Adjustment for Protocol Packets

Enabling Alarm Reporting for Packet Loss Caused by CPCAR Exceeding

Specifying Interface Types for Protocol Packets

Applying an Attack Defense Policy

Configuring Attack Source Tracing

When configuring attack source tracing, create an attack defense policy first and enable the attack source tracing function (enabled by default). The other tasks can be performed in any sequence and can be selected as required. An attack defense policy takes effect only after it is applied to an object. There is no limitation on when the attack defense policy is applied.

Creating an Attack Defense Policy

Enabling Attack Source Tracing

Configuring the Threshold for Attack Source Tracing

Setting the Packet Sampling Ratio for Attack Source Tracing

Configuring an Attack Source Tracing Mode

Configuring the Types of Traced Packets

Configuring a Whitelist for Attack Source Tracing

Configuring Event Reporting Function

Configuring Attack Source Punish Actions

Applying an Attack Defense Policy

Configuring Port Attack Defense

When configuring port attack defense, create an attack defense policy first and enable the port attack defense function (enabled by default). The other tasks can be performed in any sequence and can be selected as required. An attack defense policy takes effect only after it is applied to an object. There is no limitation on when the attack defense policy is applied.

Creating an Attack Defense Policy

Enabling Port Attack Defense

Specifying the Protocols to Which Port Attack Defense Is Applied

Setting the Rate Threshold for Port Attack Defense

Setting the Sampling Ratio for Port Attack Defense

Setting the Aging Time for Port Attack Defense

Configuring the Whitelist for Port Attack Defense

Configuring the Report of Port Attack Defense Events

Applying an Attack Defense Policy

Configuring the User-Level Rate Limiting

NOTE:
  • Only S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-HI, S6730-H, S6730S-H, S6730-S, and S6730S-S support this function.

  • You are advised to disable user-level rate limiting on the network-side interfaces of access switches and gateway switches.

When configuring user-level rate limiting, enable the user-level rate limiting function first (enabled globally by default). The other tasks can be performed in any sequence and can be selected as required. By default, user-level rate limiting is enabled on interfaces. You can disable it on the interfaces where this function is not required.

Enabling the User-Level Rate Limiting

Configuring the User-Level Rate Limit

Specifying the Packet Types to Which the User-Level Rate Limiting Applies

Disabling User-Level Rate Limiting on an Interface

Copyright © Huawei Technologies Co., Ltd.