Problem description and cause analysis for the Huawei switch system-guard configuration command. This article analyzes a common problem with this Huawei switch configuration command, explains its cause, and works through the solution with an example.
Huawei Switch configuration command Problem description:
At a university, users connected through an S3526 often use BT to download software. If the system-guard command is not enabled on the S3526, the switch crashes easily. However, if the command is enabled, many users report that their BT software behaves abnormally.
Cause Analysis of Huawei Switch configuration command:
First, let's look at how the system-guard command works. system-guard is a worm detection function implemented by the Ethernet switch. The switch automatically issues an ACL against the infected host, isolating it from the network so that other hosts on the network are not infected. After a certain period of time, the switch resumes normal forwarding for the address of the infected host.
That is to say, this command limits the number of concurrent TCP connections. It monitors the number of concurrent threads of each process in real time, and as soon as the number exceeds what the system considers safe, some threads are blocked. This is meant to stop viruses such as the Blaster ("shock wave") worm, but multi-threaded peer-to-peer tools such as BT and eMule receive the same treatment. If system-guard is not enabled, a worm can cause the device to crash. When system-guard is enabled, many users encounter BT software exceptions.
First, the configuration of the system-guard command:
◆ Enable system-guard: system-guard enable
◆ Disable the system-guard detection function: undo system-guard enable
◆ Set the current maximum number of infected hosts: system-guard detect-maxnum number
◆ Restore the maximum number of infected hosts to the default value: undo system-guard detect-maxnum
◆ Set the upper limit of address learning quantity, the upper limit of repeated detection times, and the isolation time: system-guard detect-threshold ip-record-threshold record-times-threshold isolate-time
By default, the upper limit of address learning quantity (ip-record-threshold), the upper limit of repeated detection times (record-times-threshold), and the isolation time (isolate-time) are 30, 1, and 3 respectively. Example: the upper limit of address learning quantity is set to 50, the upper limit of repeated detection times to 3, and the isolation time to 5.
With these values, if the system detects three times in a row that the number of IP addresses learned from a source IP address exceeds 50, it treats this as an attack, flags that source IP address, and does not learn the destination IP addresses in packets from that source for 5 aging periods.
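The detection rule described above, modeled in Python as an added example (not Huawei's implementation and not part of the original article). The per-interval counts are constructed sample data, and treating one detection interval as one aging period is an assumption.

```python
from dataclasses import dataclass

@dataclass
class GuardConfig:
    ip_record_threshold: int = 30    # article's default
    record_times_threshold: int = 1  # article's default
    isolate_time: int = 3            # article's default, in aging periods

def simulate(cfg, learned_per_interval):
    """Return one state per interval for a single source IP.

    Assumption: one detection interval lasts one aging period, and
    isolation starts in the interval after the one that trips the rule.
    """
    states, streak, isolated_left = [], 0, 0
    for learned in learned_per_interval:
        if isolated_left:
            states.append("isolated")
            isolated_left -= 1
            continue
        # Count consecutive intervals over the address-learning limit.
        streak = streak + 1 if learned > cfg.ip_record_threshold else 0
        if streak >= cfg.record_times_threshold:
            states.append("detected")
            isolated_left, streak = cfg.isolate_time, 0
        else:
            states.append("forward")
    return states

# Constructed samples: destination IPs learned per interval from one host.
BT_CLIENT = [12, 38, 44, 41, 36, 20, 39, 42]
WORM_SCAN = [200, 250, 300, 280, 260, 240, 300, 310]

DEFAULT = GuardConfig()          # 30, 1, 3
TUNED = GuardConfig(50, 3, 5)    # the article's example values

if __name__ == "__main__":
    for name, cfg in (("default", DEFAULT), ("tuned", TUNED)):
        for host, sample in (("bt", BT_CLIENT), ("worm", WORM_SCAN)):
            print(f"{name:8}{host:5}", " ".join(simulate(cfg, sample)))
```

With the defaults the sample BT host is isolated repeatedly. With 50, 3, 5 it is never isolated, while the scanning host is still caught, two intervals later than under the defaults.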
Huawei Switch configuration command solution:
Change the upper limit of the system-guard address learning quantity to 50 to solve the problem. (The specific parameter value must be determined based on the number of users: the larger the number of users, the larger the value must be.)