Step 2 Run:
cpu-defend policy policy-name
An attack defense policy is created and the attack defense policy view is displayed.
The AR1200-S supports a maximum of 19 attack defense policies, including the default attack
defense policy. The default attack defense policy is automatically generated in the system by
default and is applied to all boards. The default attack defense policy cannot be deleted or
modified. The other 18 policies can be created and deleted.
Step 3 (Optional) Run:
description text
The description of the attack defense policy is configured.
Step 4 Run:
auto-defend enable
Automatic attack source tracing is enabled.
By default, attack source tracing is disabled.
Step 5 (Optional) Run:
auto-defend protocol { all | { arp | dhcp | icmp | igmp | tcp | telnet | ttl-
expired }
*
}
The types of traced packets are specified.
By default, the AR1200-S traces sources of ARP, DHCP, ICMP, IGMP, TCP, Telnet, and TTL-
expired packets after attack source tracing is enabled.
Step 6 (Optional) Run:
auto-defend trace-type { source-ip | source-mac | source-portvlan }
*
The attack source tracing modes are specified.
By default, the AR1200-S traces attack sources based on the source IP address, source MAC
address, and source interface plus VLAN.
Step 7 (Optional) Run:
auto-defend threshold threshold
The threshold for attack source tracing is set.
By default, the threshold for attack source tracing is 128 pps.
Step 8 (Optional) Run:
auto-defend action deny [ timer time-length ]
The AR1200-S is configured to drop packets sent from attack sources.
By default, the AR1200-S does not drop packets sent from attack sources.
Step 9 (Optional) Configure the alarm function for attack source tracing.
1. Run:
auto-defend alarm enable
The alarm function for attack source tracing is enabled.
By default, the alarm function for attack source tracing is disabled.
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Security 9 Local Attack Defense Configuration
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
171
To Next Page
Loading...
Need help?
General
