Aug 18 2020 04:14:08+08:00 JK-BGDL-SW01 %%01SECE/4/PORT_ATTACK_OCCUR(l)[69]:Auto port-defend started.(SourceAttackInterface=GigabitEthernet0/0/28, AttackProtocol=ARP-REQUEST)
Aug 18 2020 02:50:07+08:00 JK-BGDL-SW01 %%01SECE/4/PORT_ATTACK_OCCUR(l)[70]:Auto port-defend started.(SourceAttackInterface=GigabitEthernet0/0/28, AttackProtocol=ARP-REQUEST)
Aug 17 2020 22:54:26+08:00 JK-BGDL-SW01 %%01SECE/4/PORT_ATTACK_OCCUR(l)[71]:Auto port-defend started.(SourceAttackInterface=GigabitEthernet0/0/28, AttackProtocol=ARP-REQUEST)
Aug 17 2020 22:06:51+08:00 JK-BGDL-SW01 %%01SECE/4/PORT_ATTACK_OCCUR(l)[72]:Auto port-defend started.(SourceAttackInterface=GigabitEthernet0/0/28, AttackProtocol=ARP-REQUEST)
交换机检测收到大量的ARP-Request报文攻击,超出交换机CPU处理能力(交换机本机防攻击策略指定CPU对ARP-Request报文处理速度的阈值为64kbit/s,超出部分丢弃),启动端口防攻击。
处理步骤:
1.排查设备受到的攻击是否是真实的攻击。
2.如果是真实攻击,请排除攻击源;如果不是,请重新配置端口防攻击功能,确保协议报文能够正常上送CPU处理。
>observe-port 1 interface GigabitEthernet1/0/22 // 观察口 # interface GigabitEthernet0/0/28 //镜像口 port-mirroring to observe-port 1 both
