4-14 System Guard ConfigurationWhen configuring System Guard, go to these sections for information you are interested in:z System Guard Overviewz Configuring System Guardz Displaying and Maintaining System Guard ConfigurationSystem Guard OverviewGuard Against IP AttacksSystem-guard operates to inspect the IP packets over 10-second intervals for the CPU for suspicioussource IP addresses. Once the packets from such an IP address hit the predefined threshold, the switchwith System Guard enabled will take the following action: If the packets from the source IP addressneed to be processed by the CPU, the switch decreases the precedence of delivering such packets tothe CPU.Guard Against TCN AttacksSystem Guard monitors the rate at which TCN/TC packets are received on the ports. If a port receivesan excessive number of TCN/TC packets within a given period of time, the switch sends only oneTCN/TC packet in every 10 seconds to the CPU and discards the rest TCN/TC packets, while outputtingtrap and log information.Layer 3 Error ControlWith the Layer 3 error control feature enabled, the switch delivers all Layer 3 packets that the switchconsiders to be error packets to the CPU.Configuring System GuardConfiguring System Guard Against IP AttacksConfiguration of System Guard against IP attacks includes these tasks:z Enabling System Guard against IP attacksz Setting the maximum number of infected hosts that can be concurrently monitoredz Configuring parameters related to MAC address learningFollow these steps to configure System Guard against IP attacks:To do... Use the command... RemarksEnter system view system-view —Enable System Guard againstIP attacks system-guard ip enable RequiredDisabled by default
