Configuration Guide Configuring FPM
Use the no form of the command to restore the default number of packets permitted to pass.
2.4.3.4 Verification
Use the show run command to check whether the configuration includes ip session threshold. If no, the default
values about the number of packets permitted to pass apply.
2.4.3.5 Configuration Example
When a large number of ping packets exist on a network, a flooding attack probably occurs. You can
configure the number of packets permitted to pass in each ICMP flow in icmp-started status, so as to
deny such ping packets.
The current forwarding device is a FW card located in slot 2 of device 1. Set the number of packets
permitted to pass in each ICMP flow in icmp-started status to 10.
Ruijie# configure terminal
Ruijie(config)# ip session threshold icmp-started 10
Check configuration information about the number of packets permitted to pass in each ICMP flow in
icmp-started status. The number should be 10.
Use the show run command to verify that the configuration contains the following item:
ip session threshold icmp-started 10
This indicates that the number of packets permitted to pass in each ICMP flow in icmp-started status is 10.
2.4.3.6 Common Errors
-
2.4.4 Enabling the TCP Status Tracing Function
2.4.4.1 Networking Requirements
The TCP status tracing function needs to be enabled on corresponding wireless products.
2.4.4.2 Notes
By default, the TCP status tracing function is disabled on wireless products.
2.4.4.3 Configuration Steps
Optional configuration.
By default, the TCP status tracing function is disabled on wireless products. You can use the ip session
tcp-state-inspection-enable command to enable the TCP status tracing function.
ip session tcp-state-inspection-enable
To Next Page
Loading...
Need help?
General
