Enabling system-guard on ports, Table 5-2 – H3C Technologies H3C S3100 Series Switches User Manual
Page 403
5-2
Table 5-2 Configure system-guard related parameters
Operation
Command
Description
Enter system view
system-view
—
Configure
system-guard-related
parameters
system-guard mode
rate-limit interval-time
threshold timeout
Required
The default system-guard-related
parameters are as follows.
interval-time: 5 seconds
threshold: 64
timeout: 60 seconds
Enabling System-Guard on Ports
lists the operations to enable system-guard on ports.
Table 5-3 Enable system-guard on ports
Operation
Command
Description
Enter system view
system-view
—
Enable system-guard on
specified ports
system-guard permit
interface-list
Required
After system-guard is enabled on a port, if the number of packets the port received and sent to the CPU
in a specified interval exceeds the specified threshold, the system considers that the port is under attack
and begins to limit the packet receiving rate on the port (this function is also called inbound rate limit). if
the rate of incoming packets on the port exceeds the threshold of inbound rate limit, any service packets,
including BPDU packets, are possible to be dropped at random, which may result in state transition of
STP.
Displaying and Maintaining the System-Guard Function
After the above configuration, you can display and verify your configuration by performing the operation
listed in
Table 5-4 Display and debug the system-guard function
Operation
Command
Description
Display system-guard
configuration
display system-guard config
This command can be
executed in any view.