No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Security

S9300, S9300E, and S9300X V200R011C10

This document describes the configurations of Security, including ACL, reflective ACL, local attack defense, MFF, attack defense, traffic suppression and storm control, ARP security, port security, DHCP snooping, ND snooping, PPPoE+, IPSG, SAVI, URPF, keychain, separating the management plane from the service plane, security risks.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Licensing Requirements and Limitations for Local Attack Defense

Licensing Requirements and Limitations for Local Attack Defense

Involved Network Elements

Other network elements are not required.

Licensing Requirements

Local attack defense is a basic feature of a switch and is not under license control.

Version Requirements

Table 3-1  Products and versions supporting local attack defense

Product

Product Model

Software Version

S9300

S9303, S9306, S9312

V100R002, V100R003, V100R006(C00&C01), V200R001C00, V200R002C00, V200R003C00, V200R005C00SPC300, V200R006C00, V200R007C00, V200R008(C00&C10), V200R009C00, V200R010C00, V200R011C10

S9300

S9310

V200R010C00, V200R011C10

S9300X

S9310X

V200R010C00, V200R011C10

S9300E

S9303E, S9306E, S9312E

V200R001C00, V200R002C00, V200R003C00, V200R005C00SPC300, V200R006C00, V200R007C00, V200R008(C00&C10), V200R009C00, V200R010C00, V200R011C10

NOTE:
To know details about software mappings, see Hardware Query Tool.

Feature Limitations

  • In V200R009C00 and earlier versions, the attack source tracing function does not take effect on IPv6 packets.

  • The user-level rate limiting is available in the LE1D2S04SEC0, LE1D2X32SEC0, and LE1D2H02QEC0 cards, and X series cards of V200R009 and later versions.
  • It is recommended that you disable user-level rate limiting on the network-side interfaces of an access switch and a gateway switch. The user-level rate limiting is enabled on interfaces by default.

  • The packets destined for the local switch are sent to the CPU. After functions related to some protocols such as BGP, OSPF, and LACP are enabled, packets of these protocols are also sent to the CPU. If packets sent to the CPU match both CPCAR and a traffic classification rule in a traffic policy, but the actions to be taken conflict with each other, CPCAR takes effect.
Translation
Download
Updated: 2019-04-01

Document ID: EDOC1000178410

Views: 126595

Downloads: 25

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next