Configuration Guide - Network Management and Monitoring

S2720, S5700, and S6720 V200R013C00

This document describes the configurations of Network Management and Monitoring, including SNMP, RMON, RMON2, LLDP, Performance Management, iPCA, NQA, Service Diagnosis, Mirroring, Packet Capture, NetStream, sFlow, TWAMP Light, NETCONF, ECA, Intelligent Video O&M, eMDI, and Network Deception.
Licensing Requirements and Limitations for Deception

Involved Network Elements

The deception function needs to be used together with the Decoy.

Licensing Requirements

Deception is a basic feature of a switch and is not under license control.

Version Requirements

Only the S5720HI, S5730HI, and S6720HI running V200R013C00 and later versions support the deception function.

Feature Limitations

  • You are advised to deploy DecoySensors on access switches.
  • There must be reachable routes between switches and the Decoy.
  • If a firewall is deployed between switches and the Decoy, you need to permit UDP ports 11514 and 10514 on the firewall.
  • The following configurations must be performed on the switch. Otherwise, the deception function does not take effect.
    • VLANIF interfaces are configured to send ARP packets destined for other devices to the CPU using the undo arp optimized-passby enable command.
    • The optimized ARP reply function is disabled using the arp optimized-reply disable command.
    • At least one of the detection network segment and the bait network segment must be configured.
  • The switch can only detect scanning of IP addresses on the same network segment as the primary IP address of the VLANIF interface.
  • A switch cannot use the virtual IP address of a VRRP group or the IP address of the management network interface to connect to a Decoy.
  • A bait network segment cannot contain the device management address or the any network segment (0.0.0.0). Otherwise, the devices cannot be managed remotely.
  • To enable the Agile Controller-Campus to deliver associated policies to switches, configure the free mobility function on the switches and ensure that the switches can communicate with the Agile Controller-Campus.
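
A pre-deployment check of the address-related limitations above, as an added example (not Huawei code or tooling). The plan dictionary and its key names are hypothetical, the addresses are constructed, only IPv4 is handled, and it assumes a detection segment is only useful when it lies inside the subnet of some VLANIF primary address.

```python
import ipaddress

ANY = ipaddress.ip_address("0.0.0.0")  # the "any network segment"

def check_deception_plan(plan):
    """Return the limitations a planned deployment violates (empty list = none)."""
    nets = lambda key: [ipaddress.ip_network(n) for n in plan.get(key, [])]
    mgmt = ipaddress.ip_address(plan["management_ip"])
    bait, detect = nets("bait_segments"), nets("detection_segments")
    # Scanning is only detected on the segment of each VLANIF primary address.
    vlanif = [ipaddress.ip_interface(i).network for i in plan["vlanif_primary"]]
    problems = []

    if not bait and not detect:
        problems.append("neither a detection nor a bait network segment is configured")
    for net in bait:
        if net.network_address == ANY:
            problems.append(f"bait segment {net} is the any network segment")
        elif mgmt in net:
            problems.append(f"bait segment {net} contains management address {mgmt}")
    for net in detect:
        if not any(net.subnet_of(v) for v in vlanif):
            problems.append(f"detection segment {net} is outside every VLANIF primary subnet")

    # Address the switch uses to reach the Decoy.
    src = ipaddress.ip_address(plan["decoy_source_ip"])
    if src in {ipaddress.ip_address(a) for a in plan.get("vrrp_virtual_ips", [])}:
        problems.append(f"Decoy connection uses VRRP virtual IP {src}")
    if src == ipaddress.ip_address(plan["mgmt_interface_ip"]):
        problems.append(f"Decoy connection uses management interface IP {src}")
    return problems

# Constructed sample plan containing three violations.
SAMPLE_PLAN = {
    "management_ip": "10.10.0.2",          # address used for remote management
    "mgmt_interface_ip": "192.168.100.1",  # management network interface
    "vrrp_virtual_ips": ["10.20.0.254"],
    "vlanif_primary": ["10.20.0.1/24", "10.30.0.1/24"],
    "detection_segments": ["10.20.0.0/25", "10.40.0.0/24"],
    "bait_segments": ["10.10.0.0/24", "10.50.0.0/24"],
    "decoy_source_ip": "10.20.0.254",
}

if __name__ == "__main__":
    for problem in check_deception_plan(SAMPLE_PLAN):
        print("VIOLATION:", problem)
```

The check does not cover the firewall rule for UDP ports 11514 and 10514 or the two ARP commands, which have to be verified on the devices themselves.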
Updated: 2019-04-20

Document ID: EDOC1100065680
