No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Network Management and Monitoring

S2720, S5700, and S6720 V200R013C00

This document describes the configurations of Network Management and Monitoring, including SNMP, RMON, RMON2, LLDP, Performance Management, iPCA, NQA, Service Diagnosis, Mirroring, Packet Capture, NetStream, sFlow, TWAMP Light, NETCONF, ECA, Intelligent Video O&M, eMDI, and Network Deception.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Maintaining Deception

Maintaining Deception

Context

You can run the following commands to check the deception status and statistics, update the deception status, or clear deception statistics.

Procedure

  • Check the deception status.

    • Run the display deception instance command in any view to check whether the deception process is normal.
    • Run the display deception ip-state [ ip-address ] [ verbose ] command in any view to check whether the IP addresses scanned by the switch are online.
    • Run the display deception arp-proxy command in any view to check the interface IP address of the switch and the target IP addresses in the proxy ARP requests sent to the switch in the online IP address table.
    • Run the display deception arp-request [ source ip-address ] command in any view to check the IP address scanning behavior detected by the switch.
    • Run the display deception syn-connect [ source-ip ip-address ] command in any view to check the TCP port scanning behavior detected by the switch.
    • Run the display deception ip-redirect [ source-ip ip-address ] [ destination-ip ip-address ] [ destination-port port ] command in any view to check information about deceived traffic due to the scanning of offline IP addresses.
    • Run the display deception port-redirect [ source-ip ip-address ] [ destination-ip ip-address ] [ destination-port port ] command in any view to check information about deceived traffic due to the scanning of unopened TCP ports.
    • Run the display deception flow [ slot slot-id ] command in any view to check the deception flow table.
    • Run the display deception config-flow [ slot slot-id ] command in any view to check the configuration flow table.

  • Update the deception status.

    • Run the reset deception ip-state command in the user view to update the online status of the IP addresses on the network where the switch resides.
    • Run the reset deception port-redirect [ source-ip ip-address ] [ destination-ip ip-address ] [ destination-port port ] command in the user view to clear information about deceived traffic that scanned unopened TCP ports and stops TCP port deception.
    • Run the reset deception arp-proxy command in the user view to clear the interface IP address of the switch and the target IP addresses in the proxy ARP requests sent to the switch in the online IP address table.

  • Check deception statistics.

    • Run the display deception statistics command in any view to check the deception statistics.

  • Clear deception statistics.

    • Run the reset deception statistics command in the user view to clear the deception statistics.

Translation
Download
Updated: 2019-04-20

Document ID: EDOC1100065680

Views: 59223

Downloads: 516

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next