No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Configuration Guide - Security

S7700 and S9700 V200R011C10

This document describes the configurations of Security, including ACL, reflective ACL, local attack defense, MFF, attack defense, traffic suppression and storm control, ARP security, port security, DHCP snooping, ND snooping, PPPoE+, IPSG, SAVI, URPF, keychain, separating the management plane from the service plane, security risks.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Licensing Requirements and Limitations for Local Attack Defense

Licensing Requirements and Limitations for Local Attack Defense

Involved Network Elements

Other network elements are not required.

Licensing Requirements

Local attack defense is a basic feature of a switch and is not under license control.

Version Requirements

Table 3-1  Products and versions supporting local attack defense


Product Model

Software Version


S7703, S7706 and S7712

V100R003C01, V100R006C00, V200R001(C00&C01), V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C10


S9703, S9706 and S9712

V200R001(C00&C01), V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007(C00&C10), V200R008C00, V200R009C00, V200R010C00, V200R011C10

To know details about software mappings, see Hardware Query Tool.

Feature Limitations

  • In V200R009C00 and earlier versions, the attack source tracing function does not take effect on IPv6 packets.

  • The user-level rate limiting is available in the X series cards of V200R009 and later versions.
  • It is recommended that you disable user-level rate limiting on the network-side interfaces of an access switch and a gateway switch. The user-level rate limiting is enabled on interfaces by default.

  • The packets destined for the local switch are sent to the CPU. After functions related to some protocols such as BGP, OSPF, and LACP are enabled, packets of these protocols are also sent to the CPU. If packets sent to the CPU match both CPCAR and a traffic classification rule in a traffic policy, but the actions to be taken conflict with each other, CPCAR takes effect.
Updated: 2019-04-01

Document ID: EDOC1000178319

Views: 145138

Downloads: 78

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next