Configuration Guide - Security

S9300, S9300E, and S9300X V200R011C10

This document describes the configurations of Security, including ACL, reflective ACL, local attack defense, MFF, attack defense, traffic suppression and storm control, ARP security, port security, DHCP snooping, ND snooping, PPPoE+, IPSG, SAVI, URPF, keychain, separating the management plane from the service plane, and security risks.
Specifying Interface Types for Protocol Packets

Context

Generally, a device uses an ACL to control which protocol packets are sent to the CPU. The ACL can match packets only by protocol type. For protocol packets sent to the device (or card), you can run the deny command to discard all the packets sent to the CPU, or run the car (attack defense policy view) command to set a rate limit for the packets. Neither command, however, can differentiate packets by the interface on which they were received.

If an interface is attacked, the attack packets occupy bandwidth and valid protocol packets cannot be processed. To block the attack packets, you can disable the card where the attacked interface is located. However, neither the attacked interface nor the other interfaces on the card can then send packets to the CPU, which affects communication of the device.

You can configure the device to send different types of protocol packets to the CPU from different interfaces.

NOTE:

The priorities of Network-to-Network Interface (NNI), Enhanced Network Interface (ENI), and User-to-Network Interface (UNI) are in descending order. If the priority of an interface is higher than or equal to the interface priority supported by the protocol packets, the protocol packets can be sent to the CPU through this interface. For example, if the type of an interface is ENI and a protocol packet can take effect on an ENI or UNI interface, the protocol packet can be sent to the CPU through this ENI interface. However, if the protocol packet can only take effect on an NNI interface, the protocol packet is discarded by this interface. If the device receives attack packets, run the blacklist command to configure a blacklist so that the device discards the attack packets.

LE1D2S04SEC0, LE1D2X32SEC0, and LE1D2H02QEC0 cards, and X series cards do not support this function.

The XGE interface connected to LE1D2FW00S01 does not support this function.

If interfaces on LE1D2S04SEC0, LE1D2X32SEC0, or LE1D2H02QEC0 cards, or on X series cards, are included in an Eth-Trunk, the port type { uni | eni } command does not take effect on the Eth-Trunk.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number

    The interface view is displayed.

  3. Run port type { uni | eni | nni }

    The interface type is specified. The interface type can be NNI, UNI, or ENI.

    By default, the interface type is NNI.

  4. Run quit

    Return to the system view.

  5. Run cpu-defend policy policy-name

    The attack defense policy view is displayed.

  6. Run port-type { uni | eni | nni } packet-type packet-type

    The interface type is specified for the packets of a protocol. The interface type can be NNI, UNI, or ENI.

    To view the default types of interfaces sending protocol packets to the CPU, run the display cpu-defend configuration command.
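The following Python sketch is an added example, not part of the original guide or of any Huawei tool. It reads a planned configuration written with the commands from the procedure above and applies the priority rule from the NOTE to list which protocol packets each interface would discard instead of sending to the CPU. It assumes the type set with port-type ... packet-type is the lowest-priority interface type on which that packet is accepted; the interface names, the policy name, and the packet types proto-a, proto-b, and proto-c are constructed placeholders.

```python
import re

PRIORITY = {"uni": 1, "eni": 2, "nni": 3}  # NOTE: NNI > ENI > UNI
DEFAULT_IF_TYPE = "nni"                    # default interface type per the page

# Constructed sample. Interface names, the policy name and proto-a/b/c are
# placeholders, not real packet-type keywords.
SAMPLE = """\
interface GigabitEthernet1/0/1
 port type uni
 quit
interface GigabitEthernet1/0/2
 port type eni
 quit
interface GigabitEthernet1/0/3
 quit
cpu-defend policy example-policy
 port-type nni packet-type proto-a
 port-type eni packet-type proto-b
 port-type uni packet-type proto-c
"""

def parse_config(text):
    """Return ({interface: type}, {packet_type: required_type})."""
    interfaces, required, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"interface\s+(.+)", line, re.I):
            current = m.group(1).replace(" ", "")
            interfaces.setdefault(current, DEFAULT_IF_TYPE)
        elif m := re.fullmatch(r"port\s+type\s+(uni|eni|nni)", line, re.I):
            if current is None:
                raise ValueError("'port type' found outside an interface view")
            interfaces[current] = m.group(1).lower()
        elif m := re.fullmatch(r"port-type\s+(uni|eni|nni)\s+packet-type\s+(\S+)", line, re.I):
            required[m.group(2)] = m.group(1).lower()
        elif line.lower().startswith(("quit", "cpu-defend policy")):
            current = None  # left the interface view
    return interfaces, required

def discarded(interfaces, required):
    """(interface, packet_type) pairs whose packets are dropped, not sent to the CPU."""
    return sorted((name, pkt)
                  for name, if_type in interfaces.items()
                  for pkt, need in required.items()
                  if PRIORITY[if_type] < PRIORITY[need])

if __name__ == "__main__":
    for name, pkt in discarded(*parse_config(SAMPLE)):
        print(f"{name}: {pkt} packets are discarded")
```

Packet types without a port-type line are not evaluated, because their defaults are device-specific; take them from the display cpu-defend configuration output.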

Updated: 2019-04-01

Document ID: EDOC1000178410