DES-7200 Configuration Guide Chapter 12 NFPP Configuration
%NFPP_DHCPV6_GUARD-4-ISOLATE_FAILED: Failed to isolate host <IP=N/A,MAC=0
000.0000.0001,port=Gi4/1,VLAN=1>. (2009-07-01 13:00:00)
The following example shows the describing information included in the sent TRAP messages:
Failed to isolate host<IP=N/A,MAC=0000.0000.0001,port=Gi4/1,VLAN=1>.
When it fails to allocate the memory to the detected attackers, it prompts the
message like “
%NFPP_DHCPV6_GUARD-4-NO_MEMORY: Failed to alloc memory.”
to inform the administrator.
This section shows the administrator how to configure the host-based rate-limit and attack
detection in the nfpp configuration mode and in the interface configuration mode:
Command Function
DES-7200# configure terminal
Enter the global configuration mode.
DES-7200(config)# nfpp
Enter the nfpp configuration mode.
DES-7200(config-nfpp)# dhcpv6-guard
rate-limit per-src-mac pps
Configure the dhcpv6-guard rate-limit, ranging from 1
to 9999, 5 by default.
per-src-mac: detect the hosts based on the source
MAC address/VID/port;
DES-7200(config)# dhcpv6-guard
attack-threshold per-src-mac pps
Configure the dhcpv6-guard attack threshold, ranging
from 1 to 9999, 10 by default. When the DHCPv6
packet number sent from a host exceeds the attack
threshold, the attack is detected and DHCPv6-guard
isolates the host, records the message and sends the
TRAP packet.
per-src-mac: detect the hosts based on the source
MAC address/VID/port;
DES-7200(config-nfpp)# end
Return to the privileged EXEC mode.
DES-7200# configure terminal
Enter the global configuration mode.
DES-7200(config)# interface
Enter the interface configuration mode.