Optional) Configuring Broadcast Suppression In A Vlan; Optional) Enabling The Function Of Defense Against Attacks Of Icmp Packets On An Interface - Huawei Quidway S3700 Series Configuration Manual
Hide thumbs
Also See for Quidway S3700 Series:
- Configuration manual (398 pages) ,
- Quick start manual (70 pages) ,
- Manual (69 pages)
Table of Contents
Advertisement
Quidway S3700 Series Ethernet Switches
Configuration Guide - Security
The outgoing packets on the interface are blocked.
----End
9.3.3 (Optional) Configuring Broadcast Suppression in a VLAN
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
vlan vlan-id
The VLAN view is displayed.
Step 3 Run:
broadcast-suppression threshold-value
Suppression rate of broadcast packets in a VLAN is configured.
By default, broadcast packets in a VLAN are not suppressed.
----End
9.3.4 (Optional) Enabling the Function of Defense Against Attacks
of ICMP Packets on an Interface
You can set the threshold of ICMP packets to defend against attacks of ICMP packets on an
interface.
Context
On a network, ICMP packets are often used to attack devices. If a large number of ICMP request
packets are broadcast on the user side, they are sent to the CPU for processing. The CPU usage
is occupied seriously. As a result, other services cannot be processed normally.
The function of defense against attacks of ICMP packets on an interface is added on the S-switch.
To make suppression of ICMP packets take effect, disable the fast ICMP reply function.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
icmp rate-limit enable
Rate limit on ICMP packets is enabled on an interface.
By default, rate limit on ICMP packets is disabled on an interface.
Issue 01 (2011-07-15)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
9 Traffic Suppression Configuration
216
Advertisement
Table of Contents
