User's Manual
49JadeOSUserManual
Step 4 Apply AAA profile to VLAN 100
(JadeOS) (config) #vlan 100 aaa profile test
7.4 Configuring DoS Anti-attack
The main function of DoS anti-attack is to protect the operation system of control
plane, which can make JadeOS work normally in malicious attack.
DoS anti-attack will classify based on protocol first, and then limit the rate of each
protocol according to the configuration. JadeOS configure different rate limit policy
for each protocol; rate limit policy is based on traffic per second or the number of data
packet.
7.4.1 System Pre-defined Configuration
Pre-defined configuration is the best deployment configuration of JadeOS, which is
based on the hardware performance and design specification of the product. To view
system predefined configuration, use show firewall command.
(JadeOS) #show firewall
Firewall bandwidth-contract:
Firewall Rate limit Enable/Disable Rate
Rate limit CP Capwap traffic Disable 2MBps0KBps
Rate limit CP Dhcp traffic Disable 8MBps0KBps
Rate limit CP Hostapd traffic Disable 20MBps0KBps
Rate limit CP Ospf traffic Disable 2MBps0KBps
Rate limit CP trusted-mcast packet traffic Disable 20MBps0KBps
Rate limit CP trusted-ucast packet traffic Disable 40MBps0KBps
Rate limit CP untrusted-mcast packet traffic Disable 10MBps0KBps
Rate limit CP untrusted-ucast packet traffic Disable 10MBps0KBps
Rate limit CP VRRP packet traffic Disable 2MBps0KBps
Rate limit SP session miss packet traffic Disable 50000pps
Rate limit SP user miss packet traffic Disable 1000pps
Rate limit SP other excepion packet traffic Disable 2MBps0KBps
7.4.2 Configuring Anti-attack
JadeOS supports anti-attack configuration, which is convenient for configuration ad-
justment in various network scenarios.
Two configuration commands in config mode:
firewall cp-bandwidth-contract <service type> <pps number | traffic limit>
firewall sp-bandwidth-contract <service type> <pps number | traffic limit>