No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Configuration Guide - Security

CloudEngine 8800, 7800, 6800, and 5800 V200R005C10

This document describes the configurations of Security, including ACL, local attack defense, MFF, attack defense, traffic suppression and storm control, ARP security, Port security, DHCP snooping, ND snooping, PPPoE+, IPSG, SAVI, separating the management plane from the service plane, security risks.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Attack Source Punish Actions

Configuring Attack Source Punish Actions


The device records the status of an interface as Error-Down when it detects that a fault occurs. The interface in Error-Down state cannot receive or send packets and the interface indicator is off.

A device with the punish actions configured identifies the attack source and performs punish actions on the attack source to protect the device. The punish actions include:
  • Discard the packets from the attack source.
  • Change the status of the interface receiving attack packets to Error-Down.

If the device changes the inbound interface status to Error-Down, services of authorized users on the interface are also interrupted. Exercise caution when you configure the device to shut down the interface.


  1. Run system-view

    The system view is displayed.

  2. Run cpu-defend policy policy-name

    The attack defense policy view is displayed.

  3. Run auto-defend enable

    Attack source tracing is enabled.

    By default, attack source tracing is disabled.

  4. Run auto-defend action { deny [ timeout time-length ] | error-down }

    The punish function is enabled and a punish action is configured.

    By default, the punish function is disabled.


    The device does not trace the source of users in the whitelist.

  5. Run commit

    The configuration is committed.

Follow-up Procedure

When an interface enters the Error-Down state, it is recommended that you identify the attack source and remove the attack first, and then recover the interface status.

An interface in Error-Down state can be recovered using either of the following methods:
  • Manual recovery (after an Error-Down event occurs):

    If a few interfaces need to be recovered, run the shutdown and undo shutdown commands in the interface view. Alternatively, run the restart command in the interface view to restart the interfaces.

  • Automatic recovery (before an Error-Down event occurs):

    If a large number of interfaces need to be recovered, manual recovery is time consuming and some interfaces may be omitted. To avoid this problem, you can run the error-down auto-recovery cause auto-defend interval command in the system view to enable automatic interface recovery and set the recovery delay time. You can run the display error-down recovery command to view information about automatic interface recovery.


    This method does not take effect on interfaces that are already in Error-Down state. It is effective only on interfaces that enter the Error-Down state after this configuration is complete.

Updated: 2019-04-20

Document ID: EDOC1100074765

Views: 23442

Downloads: 93

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next