Port attack defense has been available since V200R003 and is enabled by default. If an attack source sends a large number of packets to the CPU through one port, those packets consume the bandwidth that protocol packets from other ports need to reach the CPU. The port attack defense function addresses this problem.
[HUAWEI] display auto-port-defend attack-source slot 3
Attack source table on slot 3:
Total : 1
--------------------------------------------------------------------------------
Interface   Vlan  Protocol     Expire(s)  PacketRate(pps)  LastAttackTime
--------------------------------------------------------------------------------
GE3/0/0     NA    arp-request  298        75               2009-10-08 10:30:42
--------------------------------------------------------------------------------
[HUAWEI-diagnose] display auto-port-defend statistics slot 3
Statistics on slot 3:
--------------------------------------------------------------------------------
Protocol     Vlan  Queue  Cir(Kbps)  Pass(Packet/Byte)     Drop(Packet/Byte)
--------------------------------------------------------------------------------
arp-request  NA    2      64         2214362 136179370     221436200 13617937100
--------------------------------------------------------------------------------
SECE/4/PORT_ATTACK_OCCUR:Auto port-defend started.(SourceAttackInterface=[STRING], AttackProtocol=[STRING])
SECE/6/PORT_ATTACK_END:Auto port-defend stop.(SourceAttackInterface=[STRING], AttackProtocol=[STRING])
If the number of dropped packets is 0, no ARP packet is discarded. If you suspect that your switch is under an ARP attack, see Checking Whether the CPU Usage Exceeds 70%.
If the number of dropped ARP packets increases slightly and services are not affected, keep observing the packet statistics. If the number of dropped ARP packets increases sharply, see Checking ARP Entries on the Gateway.
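The comparison described above can be automated by capturing the output of display cpu-defend statistics all twice and comparing the Drop(Packets) counters. The following is an added example, not part of the original documentation; the two captures are constructed sample data, and the 100 pps boundary between a slight and a sharp increase is an assumption to be tuned per site.

```python
import re

# A data row is: <packet-type> <pass-bytes> <drop-bytes> <pass-pkts> <drop-pkts>.
# Header and rule lines do not match (they start with an uppercase letter or "-").
ROW = re.compile(r"^\s*([a-z][\w-]*)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")
ARP_TYPES = ("arp-request", "arp-reply", "arp-miss")

def parse_cpu_defend(text):
    """Return {packet_type: Drop(Packets)} for one capture of the command output."""
    return {m.group(1): int(m.group(5))
            for m in map(ROW.match, text.splitlines()) if m}

def triage(before, after, interval_s, sharp_pps=100.0):
    """Classify each ARP packet type by the growth of its drop counter.

    sharp_pps is an ASSUMED threshold: the procedure only distinguishes a
    slight increase from a sharp one and gives no number.
    """
    if interval_s <= 0:
        raise ValueError("interval_s must be positive")
    result = {}
    for ptype in ARP_TYPES:
        if ptype not in after:
            continue
        delta = after[ptype] - before.get(ptype, 0)
        if after[ptype] == 0:
            result[ptype] = "no-drops"            # nothing discarded
        elif delta < 0:
            result[ptype] = "counter-reset"       # statistics cleared between captures
        elif delta / interval_s >= sharp_pps:
            result[ptype] = "check-arp-entries"   # sharp increase
        else:
            result[ptype] = "keep-observing"      # slight or no increase
    return result

# Constructed captures taken 60 seconds apart, in the format of the command output.
CAPTURE_T0 = """Packet Type  Pass(Bytes)  Drop(Bytes)  Pass(Packets)  Drop(Packets)
arp-miss     82563573127  2701145997   1041389471     37006174
arp-reply    0            0            0              0
arp-request  24861995399  9984         268423659      156"""
CAPTURE_T1 = """Packet Type  Pass(Bytes)  Drop(Bytes)  Pass(Packets)  Drop(Packets)
arp-miss     82564573127  2702021997   1041401471     37018174
arp-reply    0            0            0              0
arp-request  24862095399  10240        268424659      160"""

if __name__ == "__main__":
    verdicts = triage(parse_cpu_defend(CAPTURE_T0), parse_cpu_defend(CAPTURE_T1), 60)
    for ptype, verdict in verdicts.items():
        print(f"{ptype:12s} {verdict}")
```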
<HUAWEI> display cpu-defend statistics all
Statistics on mainboard:
-------------------------------------------------------------------------------
Packet Type   Pass(Bytes)   Drop(Bytes)   Pass(Packets)   Drop(Packets)
-------------------------------------------------------------------------------
arp-miss      82563573127   2701145997    1041389471      37006174
arp-reply     0             0             0               0
arp-request   24861995399   9984          268423659       156