Table of Contents
Advertisement
106.3 DDoS Setup
The show dos status command displays the current DDoS configuration status:
OLT2406# show dos status
Item
----
-----------------------------------------------
1
Source IP equal Destination IP
2
MAC Source Addr equal MAC Destination Addr
3
MAC Source Addr are zero
4
TCP flags : SYN = 1 & ACK = 0 & SRC_Port < 1024
5
TCP flags : All TCP flags = 0
6
V4 first fragment check
7
TCP flags : FIN = 1 & URG = 1 & PSH = 1
8
TCP flags : SYN = 1 & FIN = 1
9
TCP Source Port equal Destination Port
10
UDP Source Port equal Destination Port
11
TCP packets with not full TCP header
12
TCP Header offset equals to 1 are dropped
13
Enable ICMP size check
14
Fragmented ICMP packets check
You can use the dos enable <item_number|all> command to enable a specific item or all items,
and the no dos enable <item_number|all> command to disable them.
106.4 CPU Protection and DDoS Commands
This table describes the CPU protection and DDoS commands.
Table 379 CPU protection and DDoS Commands
COMMAND
show cpu-protection interface
port-channel <aid>
clear cpu-protection interface
port-channel <aid>
CPU-limit ARP
CPU-limit ARP inactive
CPU-limit ARP rate <64 to 1,000,000
kbps>
interface port-channel
Chapter 106 CPU Protection and DDoS
DESCRIPTION
Displays the interface's CPU protection settings.
aid: slot-<slot> | <ge|msc|pon>-
<slot>-<port>
Clears the interface's CPU protection counter.
aid: slot-<slot> | <ge|msc|pon>-<slot>-
<port>
Enables the CPU to limit broadcast ARP packets. C
Disables the CPU to limit broadcast ARP
packets.
Sets the limit of the ARP packet rate.
64 to 1,000,000 kbps
Displays the CPU protection help.
OLT2406 User's Guide
720
Name
Status
-------
enable
enable
enable
disable
disable
disable
disable
disable
disable
disable
disable
disable
disable
disable
, default: 64
M
P
E
3
E
3
13
C
13
C
13
C
13
Advertisement
Table of Contents
Troubleshooting
