No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


NE40E V800R010C10SPC500 Feature Description - Security 01

This is NE40E V800R010C10SPC500 Feature Description - Security
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Overview of MPAC

Overview of MPAC


The Management Plane Access Control (MPAC) function protects devices from attacks.

MPAC enables devices to filter packets destined for the CPU based on rules specified in an MPAC policy and discard unnecessary packets, which helps prevent attacks to the CPU.


On an Internet service provider (ISP) network, user-side interfaces on a local device receive a great number of packets to be forwarded to the CPU. Some packets attempt to initiate attacks to the CPU. If too many packets rush to the CPU, CPU usage increases sharply and device performance deteriorates, which affects services running on the device. Frequently sending attack packets to the CPU causes the CPU to be busy processing packets, which affects other services or even causes a system crash.

An MPAC policy can be configured on sub-interfaces, physical interfaces, and the entire device to allow the device to send valid packets to the CPU and to discard attack packets, which prevents attacks to the CPU. MPAC is enabled to protect TCP/IP-based control plane protocols from Denial of Service (DoS) attacks. For example, an attacker keeps sending packets to a device by simulating a routing protocol. The device receives and processes the attack packets as valid packets. As a result, the device becomes extremely busy, and its CPU usage increase. To prevent CPU overload, you can set an MPAC rule to enable the device to drop forged packets destined for the CPU.

Updated: 2019-01-03

Document ID: EDOC1100055047

Views: 12639

Downloads: 29

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next