4-14 System Guard ConfigurationWhen configuring System Guard, go to these sections for information you are interested in:z System Guard Overviewz Configuring System Guardz Displaying and Maintaining System Guard ConfigurationSystem Guard OverviewGuard Against IP AttacksSystem-guard operates to inspect the IP packets over 10-second intervals for the CPU for suspicioussource IP addresses. Once the packets from such an IP address hit the predefined threshold, SystemGuard does one of the following:z The switch logs out the host (hereafter referred to as infected host) by automatically applying anACL rule and waits a certain period of time before resuming forwarding packets for that host.z If the packets from the infected host need processing by the CPU, the switch decreases theprecedence of such packets and discards the packets already delivered to the CPU.Guard Against TCN AttacksSystem Guard monitors the rate at which TCN/TC packets are received on the ports. If a port receivesan excessive number of TCN/TC packets within a given period of time, the switch sends only oneTCN/TC packet in every 10 seconds to the CPU and discards the rest TCN/TC packets, while outputtingtrap and log information.Layer 3 Error ControlWith the Layer 3 error control feature enabled, the switch delivers all Layer 3 packets that the switchconsiders to be error packets to the CPU.Configuring System GuardConfiguring System Guard Against IP AttacksConfiguration of System Guard against IP attacks includes these tasks:z Enabling System Guard against IP attacksz Setting the maximum number of infected hosts that can be concurrently monitoredz Configuring parameters related to MAC address learningFollow these steps to configure System Guard against IP attacks:To do... Use the command... RemarksEnter system view system-view —