Configuring the Report of Port Attack Defense Events

Context

If a port undergoes a DoS attack, the malicious attack packets sent from this port to the CPU occupy bandwidth. As a result, the CPU cannot process the protocol packets sent from other ports, and services are interrupted. In this situation, you can enable the report of port attack defense events. When the rate of protocol packets on a port exceeds the check threshold, the switch reports an event to notify the network administrator, so that the administrator can promptly take measures to protect the switch.

Procedure

Run system-view
The system view is displayed.
Run cpu-defend policy policy-name
The attack defense policy view is displayed.

Configure the report of port attack defense events.

Run auto-port-defend alarm enable
The report of port attack defense events is enabled.

By default, port attack defense events are not reported.

Run auto-port-defend protocol { all | arp-request | arp-request-uc | arp-reply | dhcp | icmp | igmp | ip-fragment } threshold threshold

The rate threshold for port attack defense is set.

The following table lists the default rate thresholds for different protocols in port attack defense.

Choose Columns...

Packet Type	Rate Threshold
arp-request	60 pps for the S5720-EI, S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735S-S, S5735-S-I, S6720S-EI, and S6720-EI, 120 pps for the S5720-HI, S5730-HI, S5731-H, S5731S-H, S5731-S, S5731S-S, S5732-H, S6730-H, S6730S-H, S6730-S, S6730S-S, and S6720-HI, and 30 pps for other switch models
arp-request-uc	60 pps for the S5720-EI, S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735S-S, S5735-S-I, S6720S-EI, and S6720-EI, 120 pps for the S5720-HI, S5730-HI, S5731-H, S5731S-H, S5731-S, S5731S-S, S5732-H, S6730-H, S6730S-H, S6730-S, S6730S-S, and S6720-HI
arp-reply	60 pps for the S5720-EI, S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735S-S, S5735-S-I, S6720S-EI, and S6720-EI, 120 pps for the S5720-HI, S5730-HI, S5731-H, S5731S-H, S5731-S, S5731S-S, S5732-H, S6730-H, S6730S-H, S6730-S, S6730S-S, and S6720-HI, and 30 pps for other switch models
dhcp	60 pps for the S5720-EI, S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735S-S, S5735-S-I, S6720S-EI, and S6720-EI, 120 pps for the S5720-HI, S5730-HI, S5731-H, S5731S-H, S5731-S, S5731S-S, S5732-H, S6730-H, S6730S-H, S6730-S, S6730S-S, and S6720-HI, and 30 pps for other switch models
icmp	120 pps for the S5720-HI, S5730-HI, S5731-H, S5731S-H, S5731-S, S5731S-S, S5732-H, S6730-H, S6730S-H, S6730-S, S6730S-S, and S6720-HI, and 60 pps for other switch models
igmp	120 pps for the S5720-HI, S5730-HI, S5731-H, S5731S-H, S5731-S, S5731S-S, S5732-H, S6730-H, S6730S-H, S6730-S, S6730S-S, and S6720-HI, and 60 pps for other switch models
ip-fragment	30 pps
nd	60 pps for the S5720-EI, S6720S-EI, and S6720-EI, 120 pps for the S5720-HI, S5730-HI, S5731-H, S5731S-H, S5731-S, S5731S-S, S5732-H, S6730-H, S6730S-H, S6730-S, S6730S-S, and S6720-HI, and 30 pps for other switch models