3Com 4500 Switch User Manual

To do...: Set the maximum number of infected hosts that can be concurrently monitored
Use the command...: system-guard ip detect-maxnum number
Remarks: Optional. 30 by default.

To do...: Set the maximum number of addresses that the system can learn, the maximum number of times an address can be hit before an action is taken, and the address isolation time (expressed as a multiple of the MAC address aging time)
Use the command...: system-guard ip detect-threshold ip-record-threshold record-times-threshold isolate-time
Remarks: Optional. By default, ip-record-threshold is 30, record-times-threshold is 1, and isolate-time is 3.
The correlations among the arguments of the system-guard ip detect-threshold command can be clearly described with this example: if you set ip-record-threshold, record-times-threshold and isolate-time to 30, 1 and 3 respectively, then when the system detects successively three times that over 50 IP packets (destined for an address other than an IP address of the switch) from a source IP address are received within a period of 10 seconds, the system considers that it is being attacked: it sorts out the source IP address and decreases the precedence of delivering packets from that source IP address to the CPU for a period of 5 times the MAC address aging time.
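The interplay of the three arguments is easier to see when the detection logic is spelled out; the following Python is an added illustration written from the description above, not 3Com firmware or code from this manual. It assumes 10-second monitoring cycles, a MAC address aging time of 300 s (not given on this page), that a "hit" means more than ip-record-threshold packets from one source in a cycle, that hits must fall in successive cycles, and constructed sample traffic.

```python
from collections import Counter, defaultdict

CYCLE_SECONDS = 10       # monitoring cycle length stated in the manual
MAC_AGING_SECONDS = 300  # assumed MAC address aging time (not given on this page)


class SystemGuardIp:
    """Simplified model of 'system-guard ip' detection; not 3Com firmware."""

    def __init__(self, switch_ips, ip_record_threshold=30,
                 record_times_threshold=1, isolate_time=3, detect_maxnum=30):
        self.switch_ips = set(switch_ips)
        self.ip_record_threshold = ip_record_threshold        # packets per source per cycle
        self.record_times_threshold = record_times_threshold  # successive cycles over threshold
        self.isolate_seconds = isolate_time * MAC_AGING_SECONDS
        self.detect_maxnum = detect_maxnum                    # hosts handled concurrently
        self.hits = defaultdict(int)  # src -> consecutive cycles over threshold
        self.isolated = {}            # src -> time (s) at which isolation ends

    def process_cycle(self, start_time, packets):
        """Feed one 10 s cycle of (src_ip, dst_ip) pairs; return sources newly isolated."""
        # Isolation expires after isolate-time x MAC aging time.
        self.isolated = {s: t for s, t in self.isolated.items() if t > start_time}
        # Only packets destined for addresses other than the switch's own are counted.
        counts = Counter(src for src, dst in packets if dst not in self.switch_ips)
        newly = set()
        for src in set(self.hits) | set(counts):
            if counts[src] > self.ip_record_threshold:
                self.hits[src] += 1       # one more successive hit
            else:
                self.hits.pop(src, None)  # a quiet cycle breaks the streak
                continue
            if (self.hits[src] >= self.record_times_threshold
                    and src not in self.isolated
                    and len(self.isolated) < self.detect_maxnum):
                self.isolated[src] = start_time + CYCLE_SECONDS + self.isolate_seconds
                newly.add(src)
        return newly


def demo():
    """Constructed traffic: 10.0.0.9 sends 40 packets per cycle for four cycles."""
    guard = SystemGuardIp({"10.0.0.1"}, ip_record_threshold=30,
                          record_times_threshold=3, isolate_time=3)
    flood = [("10.0.0.9", "10.0.0.77")] * 40
    normal = [("10.0.0.5", "10.0.0.77")] * 5
    to_switch = [("10.0.0.8", "10.0.0.1")] * 100  # traffic to the switch itself is not counted
    events = [sorted(guard.process_cycle(c * CYCLE_SECONDS, flood + normal + to_switch))
              for c in range(4)]
    return events, dict(guard.isolated)  # ([[], [], ['10.0.0.9'], []], {'10.0.0.9': 930})
```

With record-times-threshold set to 3, the flooding source is only isolated after its third successive over-threshold cycle, and the source talking to the switch's own address never counts toward a hit.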
Configuring System Guard Against TCN Attacks
Configuration of System Guard against TCN attacks includes these tasks:
• Enabling System Guard against TCN attacks
• Setting the threshold of the TCN/TC packet receiving rate
Follow these steps to configure System Guard against TCN attacks:
To do...: Enter system view
Use the command...: system-view

To do...: Enable System Guard against TCN attacks
Use the command...: system-guard tcn enable
Remarks: Required. Disabled by default.

To do...: Set the threshold of the TCN/TC packet receiving rate
Use the command...: system-guard tcn rate-threshold rate-threshold
Remarks: Optional. 1 pps by default.
As the system monitoring cycle is 10 seconds, the system sends trap and log information if more than
10 TCN/TC packets are received within 10 seconds by default. If the TCN/TC packet receiving rate is
lower than the set threshold within a 10-second monitoring cycle, the system will not send trap or log
information in the next 10-second monitoring cycle.