
auto-defend action

Function

The auto-defend action command enables the attack source punish function and specifies the punish action to take.

The undo auto-defend action command disables the attack source punish function.

By default, the attack source punish function is disabled.

Format

auto-defend action { deny [ timer time-length ] | error-down }

undo auto-defend action

Parameters

| Parameter | Description | Value |
| --- | --- | --- |
| deny | Discards packets sent from an attack source. | - |
| timer time-length | Specifies the period during which packets sent from an identified attack source are discarded. | The value ranges from 1 to 86400, in seconds. The default value is 300. |
| error-down | Shuts down an interface that receives attack packets. | - |

Views

Attack defense policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The attack source tracing process consists of four phases: packet parsing, traffic analysis, attack source identification, and taking attack source punish actions. The auto-defend action command applies to the last phase, taking attack source punish actions: the device either discards the packets sent from the identified source or shuts down the interface that receives the attack packets.

If the auto-defend action is set to error-down (interface shutdown), run the error-down auto-recovery cause auto-defend interval interval-value command to set a recovery delay before the device is attacked. This command does not take effect on an interface that is already in the error-down state.

Prerequisites

Attack source tracing has been enabled using the auto-defend enable command.

Precautions

If you run the auto-defend action command multiple times, only the latest configuration takes effect.

After the auto-defend action is set to deny, the device discards packets when being attacked. The configuration result can be verified using the display auto-defend attack-source command.

The device does not take punish actions on attack sources of whitelist users.

If the device shuts down the interface that receives the attack packets, services of authorized users on the interface are interrupted. Exercise caution when you configure the device to shut down the interface.

Example

# Configure the device to discard packets from the identified source for 10 seconds.

<HUAWEI> system-view
[HUAWEI] cpu-defend policy test 
[HUAWEI-cpu-defend-policy-test] auto-defend enable
[HUAWEI-cpu-defend-policy-test] auto-defend action deny timer 10
Info: This configuration may cause packet loss.
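The error-down variant, as an added example that is not from the original page: the recovery delay is configured first, in the system view, so that it is in place before any interface is shut down. The policy name test and the 60-second interval are assumed values.

```text
# Added example (not from the original page): set the auto-defend action to error-down
# and configure the auto-recovery delay first, while no interface is in the error-down state.
<HUAWEI> system-view
# Assumed interval of 60 seconds; configure it before an attack occurs, because the
# command does not take effect on an interface that is already in the error-down state.
[HUAWEI] error-down auto-recovery cause auto-defend interval 60
[HUAWEI] cpu-defend policy test
[HUAWEI-cpu-defend-policy-test] auto-defend enable
# Shut down the interface that receives attack packets; authorized users on that
# interface lose service until it recovers after the configured delay.
[HUAWEI-cpu-defend-policy-test] auto-defend action error-down
```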
Copyright © Huawei Technologies Co., Ltd.