rate of packets to cpu exceeded the cpcar limit on the mpu (Protocol=https,CIR/CBS=64/12032,ExceededPacketCont=34)
[HUAWEI] cpu-defend policy test //創建防***策略,策略名爲test
[HUAWEI-cpu-defend-policy-test] auto-defend enable //使能***溯源功能
[HUAWEI-cpu-defend-policy-test] auto-defend protocol all //配置***溯源防範的報文類型
[HUAWEI-cpu-defend-policy-test] auto-defend threshold 64 //配置***溯源檢查閾值
[HUAWEI-cpu-defend-policy-test] auto-defend attack-packet sample 10 //配置***溯源採樣比
[HUAWEI-cpu-defend-policy-test] auto-defend alarm enable //使能***溯源告警功能
[HUAWEI-cpu-defend-policy-test] auto-defend alarm threshold 64 //配置***溯源告警閾值
[HUAWEI-cpu-defend-policy-test] auto-defend action deny //配置***溯源的懲罰措施
[HUAWEI-cpu-defend-policy-test] quit //返回系統視圖
[HUAWEI] cpu-defend-policy test global //應用防***策略
執行之後,然後過一段時間,display auto-defend attack-source命令用來查看 一下
<S6720-30C-EI-24S-AC>dis log
Logging buffer configuration and contents : enabled
... ...
Dec 17 2020 13:11:32+08:00 S6720-30C-EI-24S-AC %%01SECE/4/STRACK_DENY(l)[0]:Some packets are dropped because an attack is detected.(Interface=XGigabitEthernet0/0/3, sourceMAC=0000-0000-0000, sourceIP=10.77.81.252, CVLAN=0, PVLAN=0)
Dec 17 2020 13:11:32+08:00 S6720-30C-EI-24S-AC %%01SECE/4/SPECIFY_SIP_ATTACK(l)[1]:The specified source IP address attack occurred.(Slot=MPU, SourceAttackIP=10.77.81.252, AttackProtocol=ARP, AttackPackets=70 packets per second)
Dec 17 2020 13:11:32+08:00 S6720-30C-EI-24S-AC %%01SECE/4/STRACK_DENY(l)[2]:Some packets are dropped because an attack is detected.(Interface=XGigabitEthernet0/0/3, sourceMAC=0000-0000-0000, sourceIP=0.0.0.0, CVLAN=0, PVLAN=1080)
Dec 17 2020 13:11:32+08:00 S6720-30C-EI-24S-AC %%01SECE/4/PORT_ATTACK(l)[3]:Port attack occurred.(Slot=MPU, SourceAttackInterface=XGigabitEthernet0/0/3, OuterVlan/InnerVlan=1080/0, AttackProtocol=ARP, AttackPackets=70 packets per second)
Dec 17 2020 13:11:32+08:00 S6720-30C-EI-24S-AC %%01SECE/4/STRACK_DENY(l)[4]:Some packets are dropped because an attack is detected.(Interface=XGigabitEthernet0/0/3, sourceMAC=e040-070b-1329, sourceIP=0.0.0.0, CVLAN=0, PVLAN=0)
Dec 17 2020 13:11:32+08:00 S6720-30C-EI-24S-AC %%01SECE/4/USER_ATTACK(l)[5]:User attack occurred.(Slot=MPU, SourceAttackInterface=XGigabitEthernet0/0/3, OuterVlan/InnerVlan=1080/0, UserMacAddress=e040-070b-1329, AttackProtocol=ARP AttackPackets=70 packets per second)
Dec 17 2020 13:11:22+08:00 S6720-30C-EI-24S-AC %%01SECE/4/PORT_ATTACK_OCCUR(l)[6]:Auto port-defend started.(SourceAttackInterface=XGigabitEthernet0/0/3, AttackProtocol=ARP-REQUEST)
Dec 17 2020 13:01:48+08:00 S6720-30C-EI-24S-AC %%01DEFD/4/CPCAR_DROP_MPU(l)[7]:Rate of packets to cpu exceeded the CPCAR limit on the MPU. (Protocol=https, CIR/CBS=64/12032, ExceededPacketCount=66)
Dec 17 2020 12:53:17+08:00 S6720-30C-EI-24S-AC %%01SECE/4/PORT_ATTACK_OCCUR(l)[8]:Auto port-defend started.(SourceAttackInterface=XGigabitEthernet0/0/3, AttackProtocol=ARP-REQUEST)
Dec 17 2020 12:32:31+08:00 S6720-30C-EI-24S-AC %%01SECE/4/PORT_ATTACK_OCCUR(l)[9]:Auto port-defend started.(SourceAttackInterface=XGigabitEthernet0/0/3, AttackProtocol=ARP-REQUEST)
Dec 17 2020 12:29:49+08:00 S6720-30C-EI-24S-AC %%01SECE/4/PORT_ATTACK_OCCUR(l)[10]:Auto port-defend started.(SourceAttackInterface=XGigabitEthernet0/0/2, AttackProtocol=ARP-REQUEST)
Dec 17 2020 12:05:48+08:00 S6720-30C-EI-24S-AC %%01SECE/4/PORT_ATTACK_OCCUR(l)[11]:Auto port-defend started.(SourceAttackInterface=XGigabitEthernet0/0/2, AttackProtocol=ARP-REQUEST)