新建会话
路由器在接口下:session-limit access-group 1 rate 500(新建会话数) concurrent (最大会话数)
端口防止***
交换机在接口下:system-guard enable
system-guard same-dest-ip-attack-packets 500
system-guard scam-dest-ip-attack-packets 500
非法向计算机传输包超过500
system-guard isolate-time 1000
禁止1000秒
交换机的qos
access 1 pe any
class-map ken
match access-group 1
policy-map ken
class ken
policy 2048(带宽) 512(突发量)exceed-action drop
接口下
service-policy input ken
域名过滤
ip url_filter rule 1 .www.ken.com 创建表归纳
ip url_filter category 1 1 关联
ip url_filter exclusive-domain 1 1 block in 应用接口
转载于:https://blog.51cto.com/asnliang/741134