Switch command problem: Solve the system-guard Command Problem

Switch command problem: Solve the system-guard Command problem. A friend asked me to solve the switch command problem for him and asked many people for a satisfactory answer. Below is a similar answer to the switch command questions found on the Internet.

Vswitch command Problem description:

A user of a university under S3526 often uses BT to download the software. If the system-guard command is not enabled on S3526, it is easy to crash. However, if this command is enabled, many users report that the btsoftware is abnormal.

Cause Analysis of switch command problems:

First, let's take a look at the switch command principle of the system-guard Command: system-guard is a worm detection function implemented by an Ethernet switch. The switch Automatically releases an ACL to remove the infected host, thus isolating the infected host from the network to ensure that other hosts on the network are not infected. after a certain period of time, the switch will resume the normal forwarding process for the address of the infected host.

That is to say, this command limits the number of concurrent TCP connections. It monitors the number of concurrent threads of each process in real time. As long as the number of threads that the system considers safe is exceeded, some threads are blocked. This is to prevent the virus, such as shock waves, but the multi-threaded point-to-point tools such as bt and emule are also treated equally. Therefore, when system-guard is not enabled, the worm will cause the device to crash. When system-guard is enabled, many users may encounter btsoftware exceptions.

First, take a look at the switch command problem system-guard command configuration:
◆ Enable system-guard: system-guard enable
◆ Disable the system-guard detection function: undo system-guard enable
◆ Set the current maximum number of infected hosts: system-guard detect-maxnum number
◆ Restore the maximum number of vulnerable hosts to the default value: undo system-guard detect-maxnum

Set the maximum number of address learning times, the maximum number of repeated detection times, and the isolation time for vswitch command problems: system-guard detect-threshold IP-record-threshold record-times-threshold isolate-time by default, the maximum number of system-guard IP address learning IPS-record-threshold) maximum number of record-times-threshold) and isolation time isolate-time are 30, 1, and 3, respectively.

For example, after you set the maximum number of address learning tasks to 50, the maximum number of repeated detection tasks to 3, and the isolation time to 5, if the system detects that the number of IP addresses learned from a source IP address exceeds 50 three times in a row, the system considers the IP address to be under attack and detects the source IP address, do not learn the destination IP address in the packet from this source IP address within a 5-fold aging period.

How to solve the switch command problem:

The upper limit of system-guard address learning quantity is set to greater than limit, for example, 50.) to solve the problem, the specific parameter value must be determined based on the number of users. The larger the number of users, the value must be larger ). Note: Apart from S3526 series switches, S3526E series switches also support the system-guard feature.