No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).



The deny command configures the device to discard packets sent to the CPU.

The undo deny command restores the default action taken for the packets sent to the CPU.

By default, the device does not discard packets sent to the CPU. Instead, the device limits the rate of packets sent to the CPU using the default rate. You can check the rate limit of each type of packets using the display cpu-defend configuration command.


deny packet-type packet-type { wired | wireless }

undo deny packet-type packet-type { wired | wireless }


Parameter Description Value
packet-type packet-type Specifies the type of the packet to be discarded. The supported packet type depends on the device.

Indicates non-CAPWAP-encapsulated packets.


Indicates CAPWAP-encapsulated packets.



Attack defense policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After an attack defense policy is created, if the device receives attack packets of a specified type or a large number of packets sent to the CPU, run the deny command to configure the device to discard packets of the specified type sent to the CPU.


After the deny command is executed, the packet-type command cannot take effect. After the undo deny command is executed, you can run the packet-type command to set the rate limit for the packets sent to the CPU.

The AD9431DN-24X does not support packets of the following protocol types: capwap-association, capwap-discovery, capwap-echo, capwap-keepalive, eoam-3ah, ftp-server, http-server, https-server, ip-option, rarp-reply, rarp-request, spectrum-analysis, ssh-server, sshv6-client, sshv6-server, telnet-server, telnetv6-client, telnetv6-server, unknown-multicast, unknown-packet, and wapi.


# Configure the drop action taken for ARP Reply packets that are not transmitted through CAPWAP tunnels and to be sent to the CPU in the attack defense policy test.

<Huawei> system-view
[Huawei] cpu-defend policy test 
[Huawei-cpu-defend-policy-test] deny packet-type arp-reply wired
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 207348

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Previous Next