- Table of Contents
-
- 07-Security Configuration Guide
- 00-Preface
- 01-Security Overview
- 02-AAA Configuration
- 03-802.1X Configuration
- 04-MAC Authentication Configuration
- 05-Portal Configuration
- 06-Port Security Configuration
- 07-User Profile Configuration
- 08-Password Control Configuration
- 09-Public Key Configuration
- 10-PKI Configuration
- 11-SSH Configuration
- 12-SSL Configuration
- 13-SSL VPN Configuration
- 14-TCP Attack Protection Configuration
- 15-ARP Attack Protection Configuration
- 16-IPsec Configuration
- 17-ALG Configuration
- 18-Firewall Configuration
- 19-Session Management Configuration
- 20-Web Filtering Configuration
- 21-User Isolation Configuration
- 22-Source IP Address Verification Configuration
- 23-FIPS Configuration
- 24-Protocol Packet Rate Limit Configuration
- 25-Attack detection and protection configuration
- Related Documents
-
Title | Size | Download |
---|---|---|
24-Protocol Packet Rate Limit Configuration | 39.79 KB |
Configuring protocol packet rate limit
Enabling protocol packet rate limit
Enabling per-protocol bandwidth limit
Configuring the threshold for per-protocol bandwidth limit
Configuring the threshold for per-flow bandwidth limit
Displaying and maintaining protocol packet rate limit
Configuring protocol packet rate limit
This feature helps you rate-limit packets of a specific protocol to prevent the packets from occupying too much bandwidth.
Protocol packets can be rate-limited in the following modes:
· Bandwidth limit per protocol—You set a maximum bandwidth for packets of a specific protocol. When the maximum bandwidth is exceeded, the packets are discarded.
· Bandwidth limit per flow—You set a maximum bandwidth for each flow to ensure that the same kind of requests from all users are fairly treated. Packets of the same protocol and from the same user are considered as one flow. The system records the number of passed and dropped protocol packets to help network administrators locate problems. Bandwidth limit per flow takes effect only when bandwidth limit per protocol takes effect.
Enabling protocol packet rate limit
Step |
Command |
Remarks |
1. Enter system view. |
system-view |
N/A |
2. Enable protocol packet rate limit. |
anti-attack enable |
By default, protocol packet rate limit is disabled. |
Enabling per-protocol bandwidth limit
Step |
Command |
Remarks |
1. Enter system view. |
system-view |
N/A |
2. Enable per-protocol bandwidth limit. |
anti-attack protocol { all | protocol } enable |
By default, per-protocol bandwidth limit is disabled for all protocols. To display the protocols whose packets can be rate limited, use the display anti-attack protocol command. |
Configuring the threshold for per-protocol bandwidth limit
Step |
Command |
Remarks |
1. Enter system view. |
system-view |
N/A |
2. Configure the threshold for per-protocol bandwidth limit. |
anti-attack protocol protocol threshold rate-limit |
Optional. Each protocol has a default threshold. You can use the display anti-attack protocol { protocol } command to view the default threshold for a protocol. |
Configuring the threshold for per-flow bandwidth limit
Step |
Command |
Remarks |
1. Enter system view. |
system-view |
N/A |
2. Enable per-flow bandwidth limit and configure the threshold. |
anti-attack protocol protocol flow-threshold flow-rate-limit |
By default, per-flow bandwidth limit is disabled for packets of all protocols. |
Table 1 Supported number of flows of each device
Device type |
WX3500E/WX5000 series |
WX6000 series |
WX3000/ WX3000E series |
WX5500E series |
Supported number of flows |
4096 |
8192 |
1024 |
8192 |
|
NOTE: Support for the number of flows varies by device model. The system automatically clears all flow entries when the maximum number is reached. |
Displaying and maintaining protocol packet rate limit
Task |
Command |
Remarks |
Display rate limit information about the specified protocol or all protocols. |
display anti-attack { all | protocol [ protocol ] } |
Available in any view. |