ME60 V800R010C10SPC500 Configuration Guide - Security Hardening 01

Configuring an IPv6 MPAC Policy

An IPv6 Management Plane Access Control (MPAC) policy can be configured to filter IPv6 packets destined for the CPU.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run service-security policy ipv6 security-policy-name

    An IPv6 MPAC policy is created, and the IPv6 MPAC policy view is displayed.

  3. Add a rule to the IPv6 MPAC policy.

    Table 7-5 Rules for an IPv6 MPAC policy

    Protocol Type: TCP or UDP
    Command: rule [ rule-id ] [ name rule-name ] { permit | deny } protocol { tcp | tcp-protocol-number | udp | udp-protocol-number } [ [ source-port source-port-number ] | [ destination-port destination-port-number ] | [ source-ip { source-ipv6-address { source-ipv6-prefix-length | 0 } | any } ] | [ destination-ip { destination-ipv6-address { destination-ipv6-prefix-length | 0 } | any } ] ] *
    Remarks: -

    Protocol Type: BGP, DHCP-C, DHCP-R, FTP, IP, LDP, LSP ping, NTP, OSPF, PIM, RIP, RSVP, SNMP, SSH, Telnet, or TFTP
    Command: rule [ rule-id ] [ name rule-name ] { permit | deny } protocol { ip-protocol-number | bgp | dhcp-c | dhcp-r | ftp | ip | ldp | lsp-ping | ntp | ospf | pim | rip | rsvp | snmp | ssh | telnet | tftp } [ [ source-ip { source-ipv6-address { source-ipv6-prefix-length | 0 } | any } ] | [ destination-ip { destination-ipv6-address { destination-ipv6-prefix-length | 0 } | any } ] ] *
    Remarks: -

    Protocol Type: Any protocol
    Command: rule [ rule-id ] [ name rule-name ] { deny | permit } protocol any
    Remarks: Exercise caution when using the rule [ rule-id ] deny protocol any command. After this command is applied globally, no protocol packets are sent to the CPU, and the device can no longer be managed.

    Protocol Type: SRH
    Command: rule [ rule-id ] [ name rule-name ] { permit | deny } ipv6-ext-header source-routing-typer srh
    Remarks: -

  4. (Optional) Run step step

    The step is configured for rules in the MPAC policy.

  5. (Optional) Run description text

    The description is configured for the MPAC policy.

  6. Run quit

    Return to the system view.

  7. Apply an IPv6 MPAC policy.

    • Apply an IPv6 MPAC policy globally.

      Run service-security global-binding ipv6 security-policy-name

      An MPAC policy is applied globally.

    • Apply an IPv6 MPAC policy to an interface.

      1. Run interface interface-type interface-number

        The interface view is displayed.

      2. Run service-security binding ipv6 security-policy-name

        The MPAC policy is applied to the interface.

    NOTE:
    MPAC policies applied to a sub-interface, to an interface, and globally take priority in that order, from highest to lowest. When different MPAC policies are applied globally, to an interface, and to a sub-interface, the policy on the sub-interface takes effect first, then the policy on the interface, and then the policy applied globally.

  8. Run commit

    The configuration is committed.
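
The procedure above carried through end to end, as an added example that is not part of the original guide: a policy that limits IPv6 SSH and SNMP access to one management prefix and is bound to a single interface. The policy name, rule names, prefix (from the 2001:db8::/32 documentation range) and interface number are constructed values, and the rule layout assumes rules are matched in ascending rule-id order.

```text
# Added example. Lines starting with "#" are annotations, not commands.
# Constructed values: policy name mgmt-v6, prefix 2001:db8:100::/64,
# interface GigabitEthernet 1/0/0.
# Assumption: rules are matched in ascending rule-id order.

system-view

service-security policy ipv6 mgmt-v6
 description IPv6-management-access

 # Permit SSH and SNMP only from the management prefix.
 rule 10 name ssh-mgmt permit protocol ssh source-ip 2001:db8:100:: 64
 rule 20 name snmp-mgmt permit protocol snmp source-ip 2001:db8:100:: 64

 # Deny the same services, and Telnet, from every other source.
 rule 30 name ssh-other deny protocol ssh source-ip any
 rule 40 name snmp-other deny protocol snmp source-ip any
 rule 50 name telnet-all deny protocol telnet source-ip any

 # Deliberately no "deny protocol any" rule: per the caution in Table 7-5,
 # once such a policy is applied globally no protocol packets reach the CPU
 # and the device can no longer be managed.
 quit

# Interface binding (step 7, second option). A policy bound here takes
# precedence over a globally bound policy on this interface.
interface GigabitEthernet 1/0/0
 service-security binding ipv6 mgmt-v6
 quit

commit
```

Keeping the deny rules specific to named protocols leaves routing and other control-plane protocols on the interface unaffected by this policy.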

Updated: 2019-01-04

Document ID: EDOC1100059445