< Home

port-identification packet-number-threshold

Function

The port-identification packet-number-threshold command sets the threshold of packet quantity for port identification in the SA module.

The undo port-identification packet-number-threshold command restores the default threshold of packet quantity for port identification in the SA module.

By default, the threshold of packet quantity is 16.

Format

port-identification packet-number-threshold packets

undo port-identification packet-number-threshold

Parameters

Parameter Description Value
packets Specifies the number of packets. The value is an integer ranging from 1 to 64.

Views

SA view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

If packets exceeding the threshold are sent to the IAE and their applications cannot be identified, the SA module identifies the application by port. A high threshold compromises the application identification performance while a low threshold increases the false positive rate. The default value (16) is recommended.

Prerequisites

Before running this command, you must run the defence engine enable command to enable the IAE.

Example

# Set the threshold of packet quantity for port identification in the SA module to 32.

<HUAWEI> system-view
[HUAWEI] defence engine enable
[HUAWEI] sa
[HUAWEI-sa] port-identification packet-number-threshold 32
Parent Topic: ECA Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >