No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
deny

deny

Function

The deny command configures the device to discard packets sent to the CPU.

The undo deny command restores the default action taken for the packets sent to the CPU.

By default, the device does not discard packets sent to the CPU. Instead, the device limits the rate of packets sent to the CPU using the default rate. You can check the rate limit of each type of packets using the display cpu-defend configuration command.

Format

deny packet-type packet-type { wired | wireless }

undo deny packet-type packet-type { wired | wireless }

Parameters

Parameter Description Value
packet-type packet-type Specifies the type of the packet to be discarded. The supported packet type depends on the device.
wired

Indicates non-CAPWAP-encapsulated packets.

-
wireless

Indicates CAPWAP-encapsulated packets.

-

Views

Attack defense policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After an attack defense policy is created, if the device receives attack packets of a specified type or a large number of packets sent to the CPU, run the deny command to configure the device to discard packets of the specified type sent to the CPU.

Precautions

After the deny command is executed, the packet-type command cannot take effect. After the undo deny command is executed, you can run the packet-type command to set the rate limit for the packets sent to the CPU.

The AD9431DN-24X does not support packets of the following protocol types: capwap-association, capwap-discovery, capwap-echo, capwap-keepalive, eoam-3ah, ftp-server, http-server, https-server, ip-option, rarp-reply, rarp-request, spectrum-analysis, ssh-server, sshv6-client, sshv6-server, telnet-server, telnetv6-client, telnetv6-server, unknown-multicast, unknown-packet, and wapi.

Example

# Configure the drop action taken for ARP Reply packets that are not transmitted through CAPWAP tunnels and to be sent to the CPU in the attack defense policy test.

<Huawei> system-view
[Huawei] cpu-defend policy test 
[Huawei-cpu-defend-policy-test] deny packet-type arp-reply wired
Translation
Download
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 207348

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next