System information
DGS-3000 Series Layer 2 Managed Gigabit Switch Web UI Reference Guide
Rising Threshold (20% - 100%)
Used to configure the acceptable level of CPU utilization before the Safeguard
Engine mechanism is enabled. Once the CPU utilization reaches this percentage
level, the Switch will move into Exhausted mode, based on the parameters provided
in this window.
Falling Threshold (20% - 100%)
Used to configure the acceptable level of CPU utilization as a percentage, where the
Switch leaves the Safeguard Engine state and returns to normal mode.
Trap / Log
Use the drop-down menu to enable or disable the sending of messages to the
device’s SNMP agent and switch log once the Safeguard Engine has been activated
by a high CPU utilization rate.
Mode
Used to select the type of Safeguard Engine to be activated by the Switch when the
CPU utilization reaches a high rate. The user may select:
Fuzzy – If selected, the Switch will adjust the bandwidth dynamically, depending on
some reasonable algorithm.
Strict – If selected, the Switch will stop receiving all ‘IP broadcast’ packets and packets
from untrusted IP addresses, and will reduce the bandwidth of ‘ARP not to me’ packets
(the protocol address of target in ARP packet is the Switch itself) to the Switch. That
means that no matter what causes the high CPU utilization (it may not be caused by
an ARP storm), the Switch reluctantly processes the traffic specified above while in
Exhausted mode.
The default setting is Fuzzy mode.
Click the Apply button to accept the changes made.
DoS Attack Prevention Settings
This window is used to configure the Denial-of-Service (DoS) attack prevention settings.
To view this window, click Security > DoS Attack Prevention Settings as shown below:
Figure 8-78 DoS Attack Prevention Settings window
The fields that can be configured are described below:
Parameter Description
Land Attack
Tick to check whether the source address is equal to the destination address of a
received IP packet.
Blat Attack
Tick to check whether the source port is equal to the destination port of a received TCP
packet.
TCP Tiny Frag Attack
Tick to check whether the packets are TCP tiny fragment packets.
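The three checks above can be reproduced off-box to triage a packet capture or to confirm what the Switch should be dropping. The following is an added example, not code from this guide or from the Switch firmware. The guide does not define "tiny fragment", so the rule used here is an assumption taken from RFC 1858, and the function names and sample packets are constructed for illustration.

```python
import socket
import struct

TCP = socket.IPPROTO_TCP  # protocol number 6

def build_packet(src, dst, sport, dport, frag_off=0, more_frags=False, tcp_len=20):
    """Constructed sample: 20-byte IPv4 header plus tcp_len bytes of a TCP SYN header."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 1024, 0, 0)[:tcp_len]
    flags_frag = (0x2000 if more_frags else 0) | frag_off  # MF bit + 13-bit offset
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, flags_frag, 64, TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))  # checksum left at 0
    return ip + tcp

def classify(pkt):
    """Return the set of checks from the table that this IPv4 packet trips."""
    hits = set()
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return hits  # not a parsable IPv4 packet
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return hits
    (flags_frag,) = struct.unpack("!H", pkt[6:8])
    frag_off, more_frags = flags_frag & 0x1FFF, bool(flags_frag & 0x2000)
    if pkt[12:16] == pkt[16:20]:  # Land: source address == destination address
        hits.add("land")
    if pkt[9] != TCP:
        return hits
    payload = pkt[ihl:]
    if frag_off == 0:
        if len(payload) >= 4:
            sport, dport = struct.unpack("!HH", payload[:4])
            if sport == dport:  # Blat: source port == destination port
                hits.add("blat")
        # Assumed tiny-fragment rule (RFC 1858): first fragment too short
        # to carry the 20-byte fixed TCP header.
        if more_frags and len(payload) < 20:
            hits.add("tcp_tiny_frag")
    elif frag_off == 1:  # RFC 1858: offset 1 lands inside the TCP header
        hits.add("tcp_tiny_frag")
    return hits

if __name__ == "__main__":
    samples = {  # constructed packets using documentation addresses
        "normal": build_packet("192.0.2.10", "192.0.2.20", 40000, 443),
        "land": build_packet("192.0.2.10", "192.0.2.10", 40000, 80),
        "blat": build_packet("192.0.2.10", "192.0.2.20", 80, 80),
        "tiny": build_packet("192.0.2.10", "192.0.2.20", 40000, 80, more_frags=True, tcp_len=8),
    }
    for name, pkt in samples.items():
        print(name, sorted(classify(pkt)))
```

The classifier does not validate checksums, so it reports on malformed captures as well as well-formed ones.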