3com 5500-ei pwr Reference Guide

The relationship among the arguments of the system-guard ip detect-threshold command can be 
described with this example: if you set ip-record-threshold, record-times-threshold and 
isolate-time to 30, 1 and 3 respectively, then when the system detects three successive times that over 50 
IP packets (destined for an address other than an IP address of the switch) from a source IP address are 
received within a period of 10 seconds, the system considers itself to be under attack: it picks out the 
source IP address and decreases the precedence of delivering packets from that source IP address to 
the CPU for a period of 5 times the MAC address aging time.
 
Examples 
# Set the maximum number of addresses that the system can learn to 50, set the maximum number of 
times an address can be hit to 3, and set the address isolation time to 5 times the MAC address aging 
time.  
<Sysname> system-view 
System View: return to User View with Ctrl+Z. 
[Sysname] system-guard ip detect-threshold 50 3 5 
system-guard ip enable 
Syntax 
system-guard ip enable 
undo system-guard ip enable 
View 
System view 
Parameters 
None 
Description 
Use the system-guard ip enable command to enable System Guard against IP attacks.  
Use the undo system-guard ip enable command to disable System Guard against IP attacks.  
By default, System Guard against IP attacks is disabled.  
The System Guard feature monitors the IP packets delivered to the CPU over each 10-second period, 
identifies the source IP addresses of the IP packets with attack characteristics within that period, and 
counts those packets. Once the packets from such a source IP address reach the predefined threshold, a switch with 
System Guard enabled takes the following action: if the packets from that source IP address need to 
be processed by the CPU, the switch decreases the precedence of delivering them to the CPU.
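To make the interplay of ip-record-threshold, record-times-threshold and isolate-time (described under system-guard ip detect-threshold above) and the per-10-second counting described here concrete, the following is a constructed Python simulation of that detection logic. It is added illustration, not 3Com software; the 300-second MAC aging time, the IP addresses and the packet timings are assumed values.

```python
from collections import defaultdict

WINDOW_SECONDS = 10  # the guide: CPU-bound IP packets are counted per 10-second period


class SystemGuardIP:
    """Constructed simulation of system-guard ip detect-threshold behaviour (not 3Com firmware)."""

    def __init__(self, ip_record_threshold, record_times_threshold, isolate_time,
                 mac_aging_seconds=300):  # 300 s MAC aging time is an assumed value
        self.record_threshold = ip_record_threshold      # packets per window that flag a source
        self.times_threshold = record_times_threshold    # successive flagged windows before isolation
        self.isolate_seconds = isolate_time * mac_aging_seconds  # isolate-time is in aging-time units
        self.counts = defaultdict(int)       # per-source packets in the current window
        self.consecutive = defaultdict(int)  # successive windows in which a source exceeded the threshold
        self.isolated_until = {}             # source -> time at which normal CPU precedence returns
        self.window_end = WINDOW_SECONDS

    def _roll_windows(self, now):
        # Evaluate every 10-second window that has closed before 'now'.
        while now >= self.window_end:
            for src in set(self.counts) | set(self.consecutive):
                if self.counts[src] > self.record_threshold:
                    self.consecutive[src] += 1
                    if self.consecutive[src] >= self.times_threshold:
                        # Source is treated as an attacker: lower its CPU delivery precedence.
                        self.isolated_until[src] = self.window_end + self.isolate_seconds
                        del self.consecutive[src]
                else:
                    self.consecutive.pop(src, None)  # hits must be successive; a quiet window resets
            self.counts.clear()
            self.window_end += WINDOW_SECONDS

    def deliver(self, now, src, dst, switch_addrs):
        """Count one CPU-bound packet and return the precedence ('normal' or 'low') it gets."""
        self._roll_windows(now)
        if dst not in switch_addrs:  # packets addressed to the switch itself are not counted
            self.counts[src] += 1
        if src in self.isolated_until:
            if now < self.isolated_until[src]:
                return "low"
            del self.isolated_until[src]  # isolation period has elapsed
        return "normal"


def simulate(guard, events, switch_addrs=frozenset({"192.0.2.1"})):
    """Feed constructed (time, src, dst) events and return the precedence assigned to each."""
    return [guard.deliver(t, s, d, switch_addrs) for t, s, d in events]
```

With the guide's example values (50 3 5), a source sending 51 non-switch-destined packets in each of three successive 10-second windows is isolated for 5 × 300 s, while a source that pauses for a window between bursts is not.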
Examples 
# Enable System Guard against IP attacks.  
<Sysname> system-view