xStack
®
DES-3200-10/18/28/28F Layer 2 Ethernet Managed Switch User Manual
Section 5
Security
Safeguard Engine
Trusted Host
IP-MAC-Port Binding
Port Security
DHCP Server Screening Settings
802.1X
SSL Settings
SSH
Access Authentication Control
MAC-based Access Control
DoS Prevention Settings
Safeguard Engine
Periodically, malicious hosts on the network will attack the Switch by utilizing packet flooding (ARP storm) or other
methods. These attacks may affect normal traffic flow. To alleviate this problem, the Safeguard Engine function was
added to the Switch’s software.
The Safeguard Engine can help the overall operability of the Switch by minimizing the workload of the Switch during
an attack, therefore making it capable of forwarding essential packets over the network with limited bandwidth. To
achieve this, the Safeguard Engine uses threshold values to place the Switch in Exhausted or Normal mode.
The Switch will be placed in Exhausted mode when the CPU utilization exceeds the Rising Threshold. In Exhausted
mode, the Switch will limit the bandwidth for ARP packets, therefore allowing more bandwidth for essential packets.
Figure 5 - 1. Safeguard Engine Checking Interval Example on the Switch
115