http://www.level1.com
Attack Prevention Configuration
- 2 -
interface y at slot X.
filter arp
Detects the arp attack.
The ARP attack takes the host’s MAC address and the source port as the attack
source, that is, message from the same MAC address but different ports cannot be
calculated together. Both the IGMP attack and IP attack take the host’s IP address
and source port as the attack source.
Remember that the IGMP attack prevention and the IP attack prevention cannot be
started up together.
1.3.3 Starting up the Attack Prevention Function
After all parameters for attack prevention are set, you can start up the attack
prevention function. Note that small parts of processor source will be occupied when
the attack prevention function is started.
Command
Description
filter enable
Starts up the attack prevention function.
Use the
no filter enable
command to disable the attack prevention function and
remove the block to all attack sources.
1.3.4 Checking the State of Attack Prevention
After attack prevention is started, you can run the following command to check the
state of attack prevention:
Command
Description
show filter
Checks the state of attack prevention.
1.4 Attack Prevention Configuration Example
To enable the IGMP attack prevention and the ARP attack prevention on port 1/2,
consider any host that sends more than 1200 pieces of message within 15 seconds as
the attack source and to cut off network service for any attack source.
filter period 15
filter threshold 1200
filter block-time 600
interface g0/2
filter arp
exit
filter enable
