Packet Attack Prevention Configuration; Configuration Example - 3Com 8807 Configuration Manual

8800 series

CHAPTER 25: 802.1X CONFIGURATION

Table 195 Display and debug 802.1x
Operation: Enable the error/event/packet/all debugging of 802.1x
Command: debugging dot1x { error | event | packet | all }
Operation: Disable the error/event/packet/all debugging of 802.1x
Command: undo debugging dot1x { error | event | packet | all }

Packet Attack Prevention Configuration

With the expansion of the Internet and the growing number of Internet users,
networking equipment is increasingly likely to be attacked. To counter some
typical attack modes, the Switch 8800 Family series switches provide a set of
packet attack prevention schemes that protect the networking equipment against
attacks from IP, ARP, 802.1x and unknown multicast packets.

IP packet attack: The Switch 8800 Family switch receives too many IP packets
whose destination addresses are within the same network segment as the VLAN
interface addresses, while the corresponding forwarding entries do not exist on
the switch. Such packets are delivered to the CPU for processing. They occupy a
lot of CPU resources and can even affect the forwarding of normal packets.

ARP packet attack: The Switch 8800 Family switch receives a large number of ARP
request packets with the same or similar source MAC addresses. These packets
affect normal ARP learning.

802.1x packet attack: The Switch 8800 Family switch receives a large number of
802.1x authentication packets with the same or similar source MAC addresses.
These packets occupy a large share of CPU resources.

Perform the following configuration in system view.

Table 196 Enable/disable packet attack prevention
Operation: Enable/Disable packet attack prevention
Command: anti-attack { arp | dot1x | ip } { disable | enable }

By default, IP packet attack prevention is enabled, while ARP packet attack
prevention and dot1x packet attack prevention are disabled.

802.1x Configuration Example

Network requirements

As shown in Figure 59, the workstation of a user is connected to the port
Ethernet 3/1/1 of the Switch.

The switch administrator will enable 802.1x on all the ports to authenticate the
supplicants so as to control their access to the Internet. The access control
mode is configured as based on the MAC address.

All the supplicants belong to the default domain 3Com163.net, which can contain
up to 30 users. RADIUS authentication is performed first. If there is no response
from the RADIUS server, local authentication is performed. For accounting, if
the RADIUS server fails to account, the user is disconnected. In addition,
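An added example, not from the 3Com manual: a Python check that applies the packet attack prevention defaults and the anti-attack syntax given on this page to saved configuration text, and reports which packet classes end up without attack prevention. It assumes the configuration stores each command as typed and that a later line overrides an earlier one; the function names and the sample text are constructed for illustration.

```python
import re

# Defaults stated on this page: IP prevention on, ARP and dot1x prevention off.
DEFAULTS = {"ip": True, "arp": False, "dot1x": False}

# The page's syntax: anti-attack { arp | dot1x | ip } { disable | enable }
ANTI_ATTACK = re.compile(r"^\s*anti-attack\s+(arp|dot1x|ip)\s+(enable|disable)\s*$")


def effective_anti_attack(config_text):
    """Map each packet class to (enabled, source).

    source is "default" or the 1-based line number of the last matching
    command, so a reviewer can tell explicit settings from inherited ones.
    """
    state = {cls: (on, "default") for cls, on in DEFAULTS.items()}
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        match = ANTI_ATTACK.match(line)
        if match:
            cls, action = match.groups()
            state[cls] = (action == "enable", lineno)  # a later line wins
    return state


def unprotected(config_text):
    """Return the packet classes whose attack prevention ends up disabled."""
    state = effective_anti_attack(config_text)
    return sorted(cls for cls, (on, _) in state.items() if not on)


# Constructed sample configuration text, not taken from a real device.
SAMPLE = """\
#
anti-attack ip disable
anti-attack arp enable
#
interface Ethernet3/1/1
#
"""

if __name__ == "__main__":
    for cls, (on, source) in sorted(effective_anti_attack(SAMPLE).items()):
        print(f"{cls:6} {'enabled' if on else 'DISABLED':9} set by: {source}")
    print("unprotected:", unprotected(SAMPLE))
```

On a configuration with no anti-attack lines at all, the check reports arp and dot1x, which is the default state the manual describes.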

This manual is also suitable for: 8810, 8814
