No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
auto-defend trace-type

auto-defend trace-type

Function

The auto-defend trace-type command configures an attack source tracing mode.

The undo auto-defend trace-type command deletes an attack source tracing mode.

By default, the device traces attack sources based on source MAC addresses, source IP addresses, and source ports+VLANs.

Format

auto-defend trace-type { source-mac | source-ip | source-portvlan }*

undo auto-defend trace-type { source-mac | source-ip | source-portvlan }*

Parameters

Parameter Description Value
source-mac Configures the device to trace attack sources based on source MAC addresses so that the device classifies and collects statistics based on the source MAC address and identifies the attack source. -
source-ip Configures the device to trace attack sources based on source IP addresses so that the device classifies and collects statistics based on the source IP address and identifies the attack source. -
source-portvlan Configures the device to trace attack sources based on source ports+VLANs so that the device classifies and collects statistics based on the source port and VLAN and identifies the attack source. -

Views

Attack defense policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After enabling attack source tracing, you can specify one or more attack source tracing modes. The device then uses the specified modes to trace attack sources.

The device supports the following attack source tracing modes:

  • Source IP address-based tracing: defends against Layer 3 attack packets.
  • Source MAC address-based tracing: defends against Layer 2 attack packets with a fixed source MAC address.
  • Source port+VLAN based tracing: defends against Layer 2 attack packets with different source MAC addresses.

Prerequisites

Attack source tracing has been enabled using the auto-defend enable command.

Precautions

If you run the auto-defend trace-type command multiple times, multiple attack source tracing modes are specified.

After the attack source tracing function is enabled on the device, you can run the display auto-defend attack-source command to view attack source tracing information if an attack occurs.

By default, the device traces attack sources based on source MAC addresses, source IP addresses, and source ports+VLANs. To cancel an attack source tracing mode, run the undo auto-defend trace-type command.

Example

# Configure the device to trace attack sources based on source MAC addresses.

<Huawei> system-view
[Huawei] cpu-defend policy test 
[Huawei-cpu-defend-policy-test] undo auto-defend trace-type source-ip source-portvlan
Translation
Download
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 206656

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next