Use this command to configure thresholds and actions for an anti-spoofing port class.
| Parameter | Description |
| --- | --- |
| class-index | Specifies the class index of the threshold index to configure. Valid values are 1 - 3. |
| thresh-index | Specifies the anti-spoofing class threshold index to configure. Valid values are 1 - 6. |
| threshold-value thresh-value | Specifies the aggregate number of changes for any enabled anti-spoofing type on the port to trigger the configured action. Valid values are 0 - 65535. Default value is 0 (threshold is disabled). |
| quarantine-profile quar-profile | Specifies the quarantine policy profile index associated with this class. |
| action | The anti-spoofing class actions to be taken if the threshold value for this threshold is reached. Specifying an action type enables that action. |
| syslog | Specifies that a Syslog message is sent if the threshold value is reached. |
| trap | Specifies that a notification is sent if the threshold value is reached. |
| quarantine | Specifies that the quarantine policy profile as configured by quarantine-profile is applied if the threshold value is reached. |
This command is available in all command modes.
There are three anti-spoofing detection types: DHCP snooping, dynamic ARP inspection, and IP source guard. Each anti-spoofing detection type can be enabled on a port. Each detection type enabled on a port tracks actionable anti-spoofing violations on the port based upon the detection type:
An anti-spoofing class specifies one or more actions to be taken when the number of actionable violations configured in a class threshold occurs on the port within the class timeout interval. The class timeout is configured using set antispoof class.
Anti-spoofing supports the configuration of up to 3 classes. Each port can be configured with a single class. If you only have a single anti-spoofing detection type enabled on the port, DHCP snooping for example, the action class thresholds and actions can be set for that anti-spoofing detection type. If multiple anti-spoofing types are configured on a port, DHCP snooping and dynamic ARP inspection for example, the class thresholds and actions must take into account any combination of anti-spoofing events for the configured anti-spoofing types.
Action CLI entries are not additive. Any specified action overwrites any previous class action configuration.
If the quarantine action is specified, ensure that a quarantine policy has been created and associated with the threshold. Extreme Networks highly recommends that you use quarantine policies to classify the user traffic upon violation hits. Quarantine policy profiles are configured using set policy profile. Policy rules configured using set policy rule (S-, K-Series) can be associated with the quarantine policy profile. The admin profile is not supported in a quarantine context.
This example shows how to configure class threshold 1 of class 1 with a threshold value of 1 and actions to send Syslog messages, to send notifications, and to apply quarantine policy profile 1:
System(rw)->set antispoof class 1 threshold-index 1 threshold-value 1 quarantine-profile 1 action syslog trap quarantine
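
The following configuration audit is an added example, not Extreme Networks code. It checks saved threshold lines against the value ranges above, the quarantine-profile guidance, and the rule that action entries are not additive. The line grammar is assumed from the single example command on this page, overwrites are assumed to apply per class and threshold index, and the function name audit and the sample lines are constructed for illustration.

```python
import re

# Assumed line grammar, inferred from the single example command on this page.
LINE = re.compile(
    r"set antispoof class (?P<cls>\d+) threshold-index (?P<idx>\d+)"
    r"(?: threshold-value (?P<val>\d+))?(?: quarantine-profile (?P<prof>\d+))?"
    r"(?: action (?P<acts>[a-z ]+))?\s*$"
)
VALID_ACTIONS = {"syslog", "trap", "quarantine"}


def audit(config_lines):
    """Return (effective actions per (class, threshold-index), findings)."""
    effective, findings = {}, []
    for n, raw in enumerate(config_lines, 1):
        m = LINE.search(raw)
        if not m:
            continue  # not a threshold line this sketch understands
        cls, idx = int(m["cls"]), int(m["idx"])
        acts = set((m["acts"] or "").split())
        for name, v, lo, hi in (("class", cls, 1, 3), ("threshold", idx, 1, 6)):
            if not lo <= v <= hi:
                findings.append((n, f"{name} index outside {lo} - {hi}"))
        if m["val"] is not None and int(m["val"]) > 65535:
            findings.append((n, "threshold value outside 0 - 65535"))
        elif m["val"] is not None and int(m["val"]) == 0 and acts:
            findings.append((n, "threshold value 0 disables the threshold"))
        if acts - VALID_ACTIONS:
            findings.append((n, "unknown action"))
        if "quarantine" in acts and m["prof"] is None:
            findings.append((n, "quarantine action without quarantine-profile"))
        if m["acts"] is not None:
            # Actions are not additive: this line replaces the earlier set.
            dropped = effective.get((cls, idx), set()) - acts
            if dropped:
                findings.append((n, "drops earlier actions: " + " ".join(sorted(dropped))))
            effective[(cls, idx)] = acts
    return effective, findings


# Constructed sample configuration, not taken from a real device.
SAMPLE = [
    "set antispoof class 1 threshold-index 1 threshold-value 1 quarantine-profile 1 action syslog trap quarantine",
    "set antispoof class 1 threshold-index 1 threshold-value 5 action syslog",
    "set antispoof class 2 threshold-index 7 threshold-value 0 action quarantine",
]

if __name__ == "__main__":
    for line_no, message in audit(SAMPLE)[1]:
        print(f"line {line_no}: {message}")
```

On the sample, the second line is reported because re-entering the threshold with only syslog leaves trap and quarantine no longer in force for class 1, threshold index 1.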