By default, the device calculates the rate of all protocol packets, including ARP Request, ARP Reply, DHCP, ICMP, IGMP, and IP fragment packets, received by a port, and traces the source and limits the rate of attack packets. If the packets exceeding rate threshold contain only a few attack packets, you can cancel port attack defense for unneeded protocol types. If the device limits the rate of too many protocols, services are affected. Therefore, you need to specify the protocols to which port attack defense is applied.
The system view is displayed.
The attack defense policy view is displayed.
The protocols to which port attack defense is applied are specified.
By default, port attack defense is applicable to ARP Request, Unicast ARP Request, ARP Reply, DHCP, ICMP, IGMP, IP fragment, and ND packets.