Licensing Requirements and Limitations for Local Attack DefenseInvolved Network ElementsOther network elements are not required. Licensing RequirementsConfiguration commands of local attack defense are available only after the S1720GW, S1720GWR, and S1720X have the license (WEB management to full management Electronic RTU License) loaded and activated and the switches are restarted. Configuration commands of local attack defense on other models are not under license control. For details about how to apply for a license, see Applying for Licenses in the S1720, S5700, and S6720 Series Switches License Usage Guide. Version RequirementsTable 1 Products and versions supporting local attack defenseProduct | Product Model | Software Version |
---|
S1700 | S1720GFR | V200R006C10, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00 | S1720GW and S1720GWR | V200R010C00, V200R011C00, V200R011C10, V200R012C00 | S1720GW-E and S1720GWR-E | V200R010C00, V200R011C00, V200R011C10, V200R012C00 | S1720X and S1720X-E | V200R011C00, V200R011C10, V200R012C00 | Other S1700 models | Models that cannot be configured using commands. For details about features and versions, see S1700 Documentation Bookshelf. | S2700 | S2700SI | V100R005C01, V100R006(C00&C01&C03&C05) | S2700EI | V100R005C01, V100R006(C00&C01&C03&C05) | S2710SI | V100R006(C03&C05) | S2720EI | V200R006C10, V200R009C00, V200R010C00, V200R011C10, V200R012C00 | S2750EI | V200R003C00, V200R005C00SPC300, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00 | S3700 | S3700SI and S3700EI | V100R005C01, V100R006(C00&C01&C03&C05) | S3700HI | V100R006C01, V200R001C00 | S5700 | S5700LI | V200R001C00, V200R002C00, V200R003(C00&C02&C10), V200R005C00SPC300, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00 | S5700S-LI | V200R001C00, V200R002C00, V200R003C00, V200R005C00SPC300, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00 | S5710-C-LI | V200R001C00 | S5710-X-LI | V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00 | S5700SI | V100R005C01, V100R006C00, V200R001C00, V200R002C00, V200R003C00, V200R005C00 | S5700EI | V100R005C01, V100R006(C00&C01), V200R001(C00&C01), V200R002C00, V200R003C00, V200R005(C00&C01&C02&C03) | S5710EI | V200R001C00, V200R002C00, V200R003C00, V200R005(C00&C02) | S5720EI | V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00 | S5720LI and S5720S-LI | V200R010C00, V200R011C00, V200R011C10, V200R012C00 | S5720SI and S5720S-SI | V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00 | S5720I-SI | V200R012C00 | S5700HI | V100R006C01, V200R001(C00&C01), V200R002C00, V200R003C00, V200R005(C00SPC500&C01&C02) | S5710HI | V200R003C00, V200R005(C00&C02&C03) | S5720HI | V200R006C00, V200R007(C00&C10), V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00 | S5730HI | V200R012C00 | S5730SI | V200R011C10, V200R012C00 | S5730S-EI | V200R011C10, V200R012C00 | S6700 | S6700EI | V100R006C00, V200R001(C00&C01), V200R002C00, V200R003C00, V200R005(C00&C01&C02) | S6720LI and S6720S-LI | V200R011C00, V200R011C10, V200R012C00 | S6720SI and S6720S-SI | V200R011C00, V200R011C10, V200R012C00 | S6720EI | V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00 | S6720S-EI | V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00 | S6720HI | V200R012C00 |
Feature LimitationsIn V200R011C10 and earlier versions, the attack source tracing function does not take effect on IPv6 packets. - The user-level rate limiting is available in the S6720HI, S5730HI and S5720HI of V200R009 and later versions.
- When packets match both user-level rate limiting rules and user-defined flow rules, the rate of these packets is limited based on the smaller rate limit value.
It is recommended that you disable user-level rate limiting on the network-side interfaces of an access switch and a gateway switch. The user-level rate limiting is enabled on interfaces by default. - S1720GFR, S2720, S2750, S5700SI, S5700LI, and S5700S-LI do not support the port attack defense function
|