NE20E-S2 V800R010C10SPC500 Configuration Guide - Security 01

Licensing Requirements and Limitations for Local Attack Defense--S2E

Licensing Requirements

This feature is a basic feature and is not under license control.

Restrictions and Guidelines

Restriction: When URPF is enabled on a sub-interface for dot1q VLAN tag termination, only URPF in loose mode can take effect. Even if URPF in strict mode is configured, URPF in loose mode takes effect.

Guidelines: None

Impact: If a packet unexpectedly matches an ACL, corresponding actions are implemented.

Restriction: The TTL field in an ACL rule of a local attack defense policy takes effect only when a BGP port is configured, and the TTL field does not support neq matching.

Guidelines: None

Impact: CP-ACL does not support TTL field matching for non-BGP protocol packets.

Restriction and guidelines: For the MPAC feature, if a UDP-based protocol, such as NTP or LDP, is specified, the restrictions are as follows:

1. If the specified protocol is dhcp-c, only the UDP packets with the destination port number 68 are matched.

2. If the specified protocol is dhcp-r, only the UDP packets with the destination port number 67 are matched.

3. If the specified protocol is ldp, only the UDP packets with the destination port number 646 are matched.

4. If the specified protocol is lsp-ping, only the UDP packets with the destination port number 3503 are matched.

5. If the specified protocol is ntp, only the UDP packets with the destination port number 123 are matched.

6. If the specified protocol is snmp, only the UDP packets with the destination port number 161 are matched.

7. If the specified protocol is rip, only the UDP packets with the destination port number 520 are matched.

Impact: None

Updated: 2019-01-02

Document ID: EDOC1100055397
