(Optional) Configuring Auto-Defend Function For Source Tracing; (Optional) Setting The Sampling Ratio For Attack Source Tracing - Huawei Quidway S3700 Series Configuration Manual

Quidway S3700 Series Ethernet Switches
Configuration Guide - Security
auto-defend protocol { { arp | icmp | dhcp | igmp | ttl-expired | tcp | telnet } * | all }
The protocol types supporting source tracing are specified.
By default, the S3700 traces the sources of ARP, ICMP, DHCP, IGMP, TCP, and Telnet packets
and of packets with a TTL of 1.
----End
6.4.7 (Optional) Configuring Auto-Defend Function for Source Tracing
After finding the attack source, the S3700 takes measures to defend against the attack. These
measures can be configured by commands.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
cpu-defend policy policy-name
The attack defense policy view is displayed.
Step 3 Run:
auto-defend enable
Automatic attack source tracing is enabled.
By default, automatic attack source tracing is disabled. The timer is 300s.
Step 4 (Optional) Run:
auto-defend action deny [ timer second ]
The S3700 discards packets sent from an attack source.
By default, the auto-defend function is disabled.
----End
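An added example, not part of the Huawei manual: a Python check over a saved configuration that reports cpu-defend policies where source tracing is off, or where sources are traced but their packets are not discarded, using only the commands from the steps above. The section layout (one-space indent, unindented line ends the policy view) and the policy names edge, core and lab are assumptions, and the sample text is constructed.

```python
import re

# Keywords from the `auto-defend protocol` syntax on this page.
ALL_PROTOCOLS = {"arp", "icmp", "dhcp", "igmp", "ttl-expired", "tcp", "telnet"}
DEFAULT_TIMER_S = 300  # default timer value given on this page

def parse_policies(config_text):
    """Collect auto-defend settings per `cpu-defend policy` section."""
    policies, cur = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"cpu-defend policy (\S+)", line)
        if m:  # page defaults: tracing off, no deny action, all types traced
            cur = policies.setdefault(m.group(1), {"tracing": False,
                "deny": False, "timer": None, "protocols": set(ALL_PROTOCOLS)})
        elif cur is None or not raw.startswith(" "):
            cur = None  # assumed layout: an unindented line ends the section
        elif line == "auto-defend enable":
            cur["tracing"] = True
        elif line.startswith("auto-defend protocol "):
            words = set(line.split()[2:])
            cur["protocols"] = (set(ALL_PROTOCOLS) if "all" in words
                                else words & ALL_PROTOCOLS)
        else:
            m = re.fullmatch(r"auto-defend action deny(?: timer (\d+))?", line)
            if m:  # no explicit timer: fall back to the page's default
                cur["deny"], cur["timer"] = True, int(m.group(1) or DEFAULT_TIMER_S)
    return policies

def findings(policies):
    """Flag policies that leave a traced attack source unblocked."""
    out = []
    for name, p in sorted(policies.items()):
        if not p["tracing"]:
            out.append(f"{name}: attack source tracing is not enabled")
        elif not p["deny"]:
            out.append(f"{name}: sources are traced but their packets are not discarded")
    return out

# Constructed sample configuration, not taken from a real device.
SAMPLE = "\n".join([
    "#", "cpu-defend policy edge", " auto-defend enable",
    " auto-defend protocol arp dhcp", " auto-defend action deny timer 600",
    "#", "cpu-defend policy core", " auto-defend enable",
    "#", "cpu-defend policy lab", " auto-defend action deny", "#"])

if __name__ == "__main__":
    for finding in findings(parse_policies(SAMPLE)):
        print(finding)
```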
6.4.8 (Optional) Setting the Sampling Ratio for Attack Source Tracing
The sampling ratio affects the attack source tracing result. If the sampling ratio is set
to a proper value, the attack source tracing result is accurate and CPU usage stays within a
normal range.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Issue 01 (2011-07-15)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
6 Local Attack Defense Configuration