Protocol packet rate limit commands
anti-attack enable
Use anti-attack enable to enable protocol packet rate limit.
Use undo anti-attack enable to disable protocol packet rate limit.
Default
Protocol packet rate limit is disabled.
Syntax
anti-attack enable
undo anti-attack enable
Views
System view
Default command level
2: System level
Examples
# Enable protocol packet rate limit.
<Sysname> system-view
[Sysname] anti-attack enable
anti-attack protocol enable
Use anti-attack protocol enable to enable per-protocol bandwidth limit.
Use undo anti-attack protocol enable to disable per-protocol bandwidth limit.
Syntax
anti-attack protocol { all | protocol } enable
undo anti-attack protocol { all | protocol } enable
Default
Per-protocol bandwidth limit is disabled for packets of all protocols.
Views
System view
Default command level
2: System level
Parameters
all: Specifies all protocols.
protocol: Specifies a protocol by its type, a string of 1 to 31 characters.
Examples
# Enable per-protocol bandwidth limit for ARP frames.
<Sysname> system-view
[Sysname] anti-attack protocol arp enable
anti-attack protocol threshold
Use anti-attack protocol threshold to configure the threshold for per-protocol bandwidth limit.
Use undo anti-attack protocol threshold to restore the default.
Syntax
anti-attack protocol protocol threshold limit-rate
undo anti-attack protocol protocol threshold
Default
Each protocol has a default threshold.
Views
System view
Default command level
2: System level
Parameters
protocol: Specifies a protocol by its name, a string of 1 to 31 characters.
limit-rate: Specifies the threshold for per-protocol bandwidth limit, in the range of 0 to 102400 pps. When the maximum bandwidth is exceeded, the packets are discarded.
Examples
# Configure the threshold for per-protocol bandwidth limit for ARP frames as 1000 pps.
<Sysname> system-view
[Sysname] anti-attack protocol arp threshold 1000
anti-attack protocol flow-threshold
Use anti-attack protocol flow-threshold to enable per-flow bandwidth limit and configure the threshold.
Use undo anti-attack protocol flow-threshold to disable per-flow bandwidth limit.
Syntax
anti-attack protocol protocol flow-threshold flow-limit-rate
undo anti-attack protocol protocol flow-threshold
Default
Per-flow bandwidth limit is disabled for packets of all protocols.
Views
System view
Default command level
2: System level
Parameters
protocol: Specifies a protocol by its name, a string of 1 to 31 characters.
flow-limit-rate: Specifies the per-flow bandwidth limit threshold in the range of 0 to 102400 pps. When the maximum bandwidth is exceeded, the packets are discarded.
Examples
# Configure the per-flow bandwidth limit threshold for ARP frames as 50 pps.
<Sysname> system-view
[Sysname] anti-attack protocol arp flow-threshold 50
display anti-attack
Use display anti-attack to display protocol packet rate limit information.
Syntax
display anti-attack { all | protocol [ protocol ] }
Views
Any view
Default command level
2: System level
Parameters
all: Specifies all protocols.
protocol [ protocol ]: Specifies a protocol by its type, a string of 1 to 31 characters.
Examples
# Display states of the rate limit function for all protocols.
<Sysname> display anti-attack protocol
Enable Protocols: dhcp arp
Disable Protocols: default udp tcp dot1x igmp ntp snmp telnet icmp lwapp
loopback pppoe iactp acsei iec wlanex stp meshaction lwapp_data dot11_ctrl
iactp_eapol svp ipc http ip ipv6 ethernet radius vrrp capwap_ctrl
capwap_data dot11_auth dot11_assoc dot11_reassoc dot11_null
Table 1 Command output
Field | Description |
---|---|
Enable Protocols | Protocols with rate limit enabled. |
Disable Protocols | Protocols with rate limit disabled. |
# Display rate limit information for all protocols.
<Sysname> display anti-attack all
Anti-attack statistics
--------------------------------------------------------------------------------
Protocol Priority Limit(pps) Rate(pps) Passed Dropped
--------------------------------------------------------------------------------
default 2 256 0 3 0
udp 2 2048 0 0 0
tcp 2 1024 0 0 0
dot1x 1 1024 0 0 0
dhcp 2 2000 0 0 0
igmp 2 1024 0 0 0
ntp 2 256 0 0 0
arp 1 1024 0 1 0
snmp 0 1024 0 0 0
telnet 0 1024 0 0 0
icmp 0 1024 0 4 0
lwapp 1 2048 0 0 0
loopback 2 40 0 0 0
pppoe 1 1024 0 0 0
iactp 1 2560 0 0 0
acsei 2 128 0 0 0
iec 0 128 0 0 0
wlanex 2 2048 0 0 0
stp 2 2048 0 0 0
meshaction 2 1024 0 0 0
lwapp_data 1 2048 0 0 0
dot11_ctrl 1 512 0 0 0
iactp_eapol 1 2048 0 0 0
svp 2 40 0 0 0
ipc 2 40 0 0 0
http 1 1024 0 0 0
ip 2 2560 0 0 0
ipv6 2 128 0 0 0
ethernet 2 128 0 0 0
radius 1 2048 0 0 0
vrrp 1 2048 0 0 0
capwap_ctrl 1 2048 0 0 0
capwap_data 1 2048 0 0 0
dot11_auth 1 256 0 0 0
dot11_assoc 1 256 0 0 0
dot11_reassoc 1 256 0 0 0
dot11_null 1 1024 0 0 0
Table 2 Command output
Field | Description |
---|---|
Protocol | Protocol name. |
Priority | Processing priority value of the protocol, in the range of 0 to 4. A smaller value represents a higher priority. |
Limit(pps) | Rate limit value. This field displays the default value if you have not configured it. |
Rate(pps) | Current rate of the protocol packets. |
Passed | Number of passed packets. |
Dropped | Number of dropped packets. |
# Display rate limit information for ICMP packets.
<Sysname> display anti-attack protocol icmp
Anti-attack statistics
--------------------------------------------------------------------------------
Protocol Priority Limit(pps) Rate(pps) Passed Dropped
--------------------------------------------------------------------------------
icmp 0 1024 4 50 0
--------------------------------------------------------------------------------
Flow-Source FlowRate(pps) Passed Dropped
--------------------------------------------------------------------------------
1.1.1.10 2 40 0
1.1.1.20 1 10 0
Table 3 Command output
Field | Description |
---|---|
Flow-Source | Source of the flow. |
FlowRate(pps) | Current rate of the flow. |
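The Dropped and Rate(pps) columns described above are the fields to monitor once the limits are enabled. The following Python code is an added example, not part of the original command reference: it parses `display anti-attack` output and flags protocols or flow sources with a non-zero Dropped count, and protocols whose Rate(pps) is close to Limit(pps). The sample counters, the 0.8 ratio and the function names are assumptions made for illustration.

```python
import re

# Constructed sample in the layout of `display anti-attack protocol icmp`;
# the counters are invented for illustration, not taken from a device.
SAMPLE = """\
Anti-attack statistics
--------------------------------------------------------------------------------
Protocol Priority Limit(pps) Rate(pps) Passed Dropped
--------------------------------------------------------------------------------
icmp 0 1024 980 51200 340
--------------------------------------------------------------------------------
Flow-Source FlowRate(pps) Passed Dropped
--------------------------------------------------------------------------------
1.1.1.10 48 40000 310
1.1.1.20 1 10 0
"""

# Protocol rows carry six columns, per-flow rows four; header and rule lines match neither.
PROTO_ROW = re.compile(r"^(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)$")
FLOW_ROW = re.compile(r"^(\S+)\s+(\d+)\s+(\d+)\s+(\d+)$")


def parse_anti_attack(text):
    """Split the output into per-protocol rows and per-flow rows."""
    protocols, flows = [], []
    for line in map(str.strip, text.splitlines()):
        if m := PROTO_ROW.match(line):
            keys = ("priority", "limit", "rate", "passed", "dropped")
            protocols.append({"protocol": m[1], **dict(zip(keys, map(int, m.groups()[1:])))})
        elif m := FLOW_ROW.match(line):
            keys = ("rate", "passed", "dropped")
            flows.append({"source": m[1], **dict(zip(keys, map(int, m.groups()[1:])))})
    return protocols, flows


def findings(text, near_limit=0.8):
    """Flag protocols/flows that are dropping, and protocols close to Limit(pps)."""
    protocols, flows = parse_anti_attack(text)
    out = []
    for p in protocols:
        if p["dropped"] > 0:
            out.append(("protocol", p["protocol"], "dropping"))
        elif p["limit"] > 0 and p["rate"] >= near_limit * p["limit"]:
            out.append(("protocol", p["protocol"], "near-limit"))
    out += [("flow", f["source"], "dropping") for f in flows if f["dropped"] > 0]
    return out


if __name__ == "__main__":
    for kind, name, state in findings(SAMPLE):
        print(f"{kind:8} {name:12} {state}")
```

Because Passed and Dropped are counters, comparing two captures taken some time apart shows whether drops are still occurring.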