ike security-log dos-attack

Function

The ike security-log dos-attack command enables the log for DoS attack.

The undo ike security-log dos-attack command disables the log for DoS attack.

By default, the log for DoS attack is disabled.

This command is supported only on the NetEngine 8000 F1A.

Format

ike security-log dos-attack [ threshold count ]

undo ike security-log dos-attack [ threshold ]

Parameters

Parameter	Description	Value
threshold count	Indicates the threshold value for the log.	It is an integer that ranges from 1 to 200. The default value is 120.

Parameter

Description

Value

threshold count

Indicates the threshold value for the log.

It is an integer that ranges from 1 to 200. The default value is 120.

Views

System view

Default Level

2: Configuration level

Task Name and Operations

Task Name	Operations
ike	write

Usage Guidelines

The CPU may come under DoS attack if there are many half open SAs in the IKE. Run ike security-log dos-attack command to enable the log when the system is under DoS attack.

Example

# Enable the log for DoS attack with threshold value as 99.

<HUAWEI> system-view
[~HUAWEI] ike security-log dos-attack threshold 99