The anti-ddos udp-frag-flood command enables the interface-specific UDP fragment flood attack defense.
The undo anti-ddos udp-frag-flood command disables the interface-specific UDP fragment flood attack defense.
| Parameter | Description | Value |
|---|---|---|
| alert-speed alert-speed | Specifies the threshold of the UDP fragment rate that triggers UDP fragment flood attack defense. | The value is an integer ranging from 1 to 10240, in Mbit/s. The default value is 200. |
Ethernet interface view, Ethernet sub-interface view, Layer-2 Ethernet interface view, Layer-2 Ethernet sub-interface view, Eth-Trunk interface view, Layer-2 Eth-Trunk interface view, Eth-Trunk sub-interface view, Layer-2 Eth-Trunk sub-interface view, Virtual interface view
By default, the function is disabled.
The attack defense threshold obtained by the threshold learning function takes effect only for the global anti-DDoS. Therefore, you must use the anti-ddos udp-frag-flood command to manually set the threshold for the interface-specific UDP fragment flood attack defense.
# Enable UDP fragment flood attack defense on the GigabitEthernet 0/0/1 interface. Set the threshold of UDP packet rate that triggers UDP fragment flood attack defense to 100 Mbit/s.
<sysname> system-view [sysname] interface GigabitEthernet 0/0/1 [sysname-GigabitEthernet0/0/1] anti-ddos udp-frag-flood alert-speed 100