< Home

auto-defend enable

Function

The auto-defend enable command enables automatic attack source tracing.

The undo auto-defend enable command disables automatic attack source tracing.

By default, attack source tracing is enabled.

Format

auto-defend enable

undo auto-defend enable

Parameters

None

Views

Attack defense policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A large number of attack packets may attack the device CPU. Attack source tracing enables the device to trace attack sources and send logs or alarms to notify the administrator so that the administrator can take measures to defend against the attacks. By default, logs are sent to notify the administrator if attack source tracing is enabled.

After automatic attack source tracing is enabled, the device traces the source of the specified packets sent to the CPU. The packet type can be set using the auto-defend protocol command.

Precautions

Attack source tracing configured in an attack defense policy takes effect only when the attack defense policy is applied in the system view.

If the system software of a switch in a version earlier than V200R009C00 is upgraded to V200R009C00 or later version, an undo auto-defend enable configuration is automatically generated.

Example

# Enable attack source tracing in the attack defense policy named test.

<HUAWEI> system-view
[HUAWEI] cpu-defend policy test
[HUAWEI-cpu-defend-policy-test] auto-defend enable
Parent Topic: Local Attack Defense Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >