No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
cpu-defend application-apperceive enable

cpu-defend application-apperceive enable

Function

The cpu-defend application-apperceive enable command enables active link protection (ALP).

The undo cpu-defend application-apperceive enable command disables ALP.

By default, ALP is enabled for SSH, Telnet, and FTP.

Format

cpu-defend application-apperceive [ ssh | telnet | ftp ] enable

undo cpu-defend application-apperceive [ ssh | telnet | ftp ] enable

Parameters

Parameter

Description

Value

ssh

Indicates that the protocol type is SSH.

-

telnet

Indicates that the protocol type is Telnet.

-

ftp

Indicates that the protocol type is FTP.

NOTE:

If ftp is specified, ALP for FTP packets also takes effect for TFTP packets.

-

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

ALP protects session-based application layer data, including data of SSH, Telnet and FTP sessions to ensure uninterrupted services when attacks occur.

  • When the device communicates with another host or device using FTP, burst traffic of FTP packets occurs. As a result, burst traffic is discarded because it exceeds the rate limit after ALP is enabled on the device or services are interrupted because other FTP packets attack the device.

  • When the device attempts to establish an SSH or Telnet connection with another host or device, burst traffic of SSH or Telnet packets occurs. As a result, burst traffic is discarded because it exceeds the rate limit after ALP is enabled on the device or a connection fails to be established because other packets attack the device.

When the device detects setup of an SSH, Telnet, or FTP session, ALP is enabled to protect the session. The packets matching characteristics of the session are sent at a high rate; therefore, reliability and stability of session-related services are ensured.

Follow-up Procedure

Run the cpu-defend-policy command on a device to apply the attack defense policy. Then the device protects data flows using the rate limit specified in the active link protection function.

Example

# Enable ALP so that the rate limit after ALP is enabled in the attack defense policy mypolicy on the device takes effect.

<Huawei> system-view
[Huawei] cpu-defend policy mypolicy
[Huawei-cpu-defend-policy-mypolicy] application-apperceive packet-type ftp rate-limit 12600
[Huawei-cpu-defend-policy-mypolicy] quit
[Huawei] cpu-defend application-apperceive enable
[Huawei] cpu-defend-policy mypolicy
Translation
Download
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 256662

Downloads: 144

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next