User's Manual Part 2
49JadeOSUserManual
(JadeOS) (config) #aaa profile test
(JadeOS) (AAA profile “test”) #http-redirection enable
(JadeOS) (AAA profile “test”) #initial-role trole
Step4ApplyAAApro filetoVLAN100
(JadeOS) (config) #vlan 100 aaa profile test
7.4ConfiguringDoSAnti‐attack
The main function of DoS anti‐attack is to protect the operation system of control
plane,whichcanmakeJadeOSworknormallyinmaliciousattack.
DoS anti‐attack will classify based on protocol first, and then limit the rate of each
protoc ol according to the configuration. JadeOS configur e different rate limit policy
for each protocol; rate limit policy is based on traffic per second or the number of
datapacket.
7.4.1SystemPre‐definedConfiguration
Pre‐defined configuration is the best deployment configuration of JadeOS, which is
basedonthehardwareperformanceanddesignspecificationoftheproduct.Toview
systempredefinedconfiguration, useshowfirewallcommand.
(JadeOS) #show firewall
Firewall bandwidth-contract:
Firewall Rate limit Enable/Disable Rate
Rate limit CP Capwap traffic Disable 2MBps0KBps
Rate limit CP Dhcp traffic Disable 8MBps0KBps
Rate limit CP Hostapd traffic Disable 20MBps0KBps
Rate limit CP Ospf traffic Disable 2MBps0KBps
Rate limit CP trusted-mcast packet traffic Disable 20MBps0KBps
Rate limit CP trusted-ucast packet traffic Disable 40MBps0KBps
Rate limit CP untrusted-mcast packet traffic Disable 10MBps0KBps
Rate limit CP untrusted-ucast packet traffic Disable 10MBps0KBps
Rate limit CP VRRP packet traffic Disable 2MBps0KBps
Rate limit SP session miss packet traffic Disable 50000pps
Rate limit SP user miss packet traffic Disable 1000pps
Rate limit SP other excepion packet traffic Disable 2MBps0KBps
7.4.2ConfiguringAnti‐attack
JadeOS supportsanti‐attack configuration,whichisconvenient forconfigurationad‐
justmentinvariousnetworkscenarios.