Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document.
Note: Even the most advanced machine translation cannot match the quality of professional translators.
Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring CPU Attack Defense
With the CPU attack defense function, the device limits the rate of packets sent to the CPU to protect the CPU.
Pre-configuration Tasks
Before configuring CPU attack defense, complete the following tasks:
- Connect interfaces and set physical parameters for the interfaces to ensure that the physical status of the interfaces is Up.
- Configure an ACL for blacklist, if necessary.
Configuration Procedure
Before configuring CPU attack defense, create an attack defense policy. The other tasks can be performed in any sequence and can be selected as required. An attack defense policy takes effect only after it is applied to an object. There is no limitation on when the attack defense policy is applied.
- Creating an Attack Defense Policy
- Configuring a Blacklist
- Configuring the Filter
- Configuring a Rule for Sending Packets to the CPU
- Configuring Rules for the Switch to Limit the Rate of Packets in Enhanced Mode
- Configuring Port-based Automatic Local Attack Defense
- Configuring Host Attack Defense
- Applying an Attack Defense Policy
- Verifying the CPU Attack Defense Configuration