No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).



The packet-type command sets the rate limit for packets sent to the CPU.

The undo packet-type command restores the default rate limit for packets sent to the CPU.

By default, the default rate limit in the default attack defense policy is used to limit the packets sent to the CPU.


packet-type packet-type rate-limit rate-value { wired | wireless }

undo packet-type packet-type rate-limit { wired | wireless }






Specifies the protocol type.

The supported packet type depends on the device.

rate-limit rate-value

Specifies the rate limit of protocol packets.

The value is an integer that ranges from 1 to 4294967295, in pps.


Indicates non-CAPWAP-encapsulated packets.


Indicates CAPWAP-encapsulated packets.



Attack defense policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After an attack defense policy is created, if the device receives attack packets of a specified protocol or a large number of packets sent to the CPU, configure rate limit for the protocol packets in the attack defense policy. The device then limits the rate of these packets to protect the CPU.

By default, the device applies the rate limit defined in the default attack defense policy to protocol packets. You can also create an attack defense policy and run the packet-type command to set the rate limit of protocol packets. The configured rate limit overrides the default rate limit defined in the default attack defense policy.


An attack defense policy has been created using the cpu-defend policy command.


If you run the packet-type command with the same value of packet-type in the same attack defense policy view multiple times, only the latest configuration takes effect.

If the packet-type and deny commands are executed on the same type of protocol packets, the deny command takes effect.

The AD9431DN-24X does not support packets of the following protocol types: capwap-association, capwap-discovery, capwap-echo, capwap-keepalive, eoam-3ah, ftp-server, http-server, https-server, ip-option, rarp-reply, rarp-request, spectrum-analysis, ssh-server, sshv6-client, sshv6-server, telnet-server, telnetv6-client, telnetv6-server, unknown-multicast, unknown-packet, and wapi.


# Set the rate limit for ARP Reply packets that are not transmitted through CAPWAP tunnels to 1260 pps in the attack defense policy named mypolicy.

<Huawei> system-view
[Huawei] cpu-defend policy mypolicy 
[Huawei-cpu-defend-policy-mypolicy] packet-type arp-reply rate-limit 1260 wired
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 209086

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Previous Next