Aug 18 2020 04:14:08+08:00 JK-BGDL-SW01 %%01SECE/4/PORT_ATTACK_OCCUR(l)[69]:Auto port-defend started.(SourceAttackInterface=GigabitEthernet0/0/28, AttackProtocol=ARP-REQUEST)
Aug 18 2020 02:50:07+08:00 JK-BGDL-SW01 %%01SECE/4/PORT_ATTACK_OCCUR(l)[70]:Auto port-defend started.(SourceAttackInterface=GigabitEthernet0/0/28, AttackProtocol=ARP-REQUEST)
Aug 17 2020 22:54:26+08:00 JK-BGDL-SW01 %%01SECE/4/PORT_ATTACK_OCCUR(l)[71]:Auto port-defend started.(SourceAttackInterface=GigabitEthernet0/0/28, AttackProtocol=ARP-REQUEST)
Aug 17 2020 22:06:51+08:00 JK-BGDL-SW01 %%01SECE/4/PORT_ATTACK_OCCUR(l)[72]:Auto port-defend started.(SourceAttackInterface=GigabitEthernet0/0/28, AttackProtocol=ARP-REQUEST)
交換機檢測收到大量的ARP-Request報文攻擊,超出交換機CPU處理能力(交換機本機防攻擊策略指定CPU對ARP-Request報文處理速度的閾值為64kbit/s,超出部分丟棄),啟動端口防攻擊。
處理步驟:
1.排查設備受到的攻擊是否是真實的攻擊。
2.如果是真實攻擊,請排除攻擊源;如果不是,請重新配置端口防攻擊功能,確保協議報文能夠正常上送CPU處理。
>observe-port 1 interface GigabitEthernet1/0/22 // 觀察口 # interface GigabitEthernet0/0/28 //鏡像口 port-mirroring to observe-port 1 both
