The auto-defend protocol command specifies the types of protocol packets that the device monitors in attack source tracing.
The undo auto-defend protocol command deletes specified types of protocol packets that the device monitors in attack source tracing.
By default, the device traces the sources of 8021X, ARP, DHCP, DHCPv6, ICMP, ICMPv6, IGMP, MLD, ND, TCP, TCPv6, and Telnet packets in attack source tracing.
auto-defend protocol { all | { 8021x | arp | dhcp | dhcpv6 | icmp | icmpv6 | igmp | mld | nd | tcp | tcpv6 | telnet | ttl-expired | udp | udpv6 }* }
undo auto-defend protocol { 8021x | arp | dhcp | dhcpv6 | icmp | icmpv6 | igmp | mld | nd | tcp | tcpv6 | telnet | ttl-expired | udp | udpv6 }*
S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735-S-I, and S5735S-S do not support the tcpv6 parameter.
| Parameter | Description | Value |
|---|---|---|
| all | Configures the device to trace sources of 8021X, ARP, DHCP, DHCPv6, ICMP, ICMPv6, IGMP, MLD, ND, TCP, TCPv6, Telnet, TTL-expired, UDPv6, and UDP packets in attack source tracing. | - |
| 8021x | Adds 8021X packets to the list of traced packets or deletes 8021X packets from the list. | - |
| arp | Adds Address Resolution Protocol (ARP) packets to the list of traced packets or deletes ARP packets from the list. | - |
| dhcp | Adds Dynamic Host Configuration Protocol (DHCP) packets to the list of traced packets or deletes DHCP packets from the list. | - |
| dhcpv6 | Adds Dynamic Host Configuration Protocol for IPv6 (DHCPv6) packets to the list of traced packets or deletes DHCPv6 packets from the list. | - |
| icmp | Adds Internet Control Message Protocol (ICMP) packets to the list of traced packets or deletes ICMP packets from the list. | - |
| icmpv6 | Adds Internet Control Message Protocol for IPv6 (ICMPv6) packets to the list of traced packets or deletes ICMPv6 packets from the list. | - |
| igmp | Adds Internet Group Management Protocol (IGMP) packets to the list of traced packets or deletes IGMP packets from the list. | - |
| mld | Adds Multicast Listener Discovery (MLD) packets to the list of traced packets or deletes MLD packets from the list. | - |
| nd | Adds Neighbor Discovery (ND) packets to the list of traced packets or deletes ND packets from the list. | - |
| tcp | Adds Transmission Control Protocol (TCP) packets to the list of traced packets or deletes TCP packets from the list. | - |
| tcpv6 | Adds Transmission Control Protocol for IPv6 (TCPv6) packets to the list of traced packets or deletes TCPv6 packets from the list. | - |
| telnet | Adds Telnet packets to the list of traced packets or deletes Telnet packets from the list. | - |
| ttl-expired | Adds TTL-expired packets to the list of traced packets or deletes these packets from the list. | - |
| udp | Adds User Datagram Protocol (UDP) packets to the list of traced packets or deletes UDP packets from the list. | - |
| udpv6 | Adds User Datagram Protocol for IPv6 (UDPv6) packets to the list of traced packets or deletes UDPv6 packets from the list. | - |
Usage Scenario
The attack source tracing process consists of four phases: packet parsing, traffic analysis, attack source identification, and attack source punishment. The auto-defend protocol command applies to the packet parsing phase. When an attack occurs, you cannot identify the type of attack packets, so the auto-defend protocol command allows you to flexibly specify the types of traced packets.
Prerequisites
Attack source tracing has been enabled using the auto-defend enable command.
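To review which packet types a given configuration actually leaves untraced, the following added example (not Huawei code or tooling) replays auto-defend lines against the default list and parameter table above. The function name audit, the sample lines, and the assumptions that commands apply in order and that TCPv6 is never traced on models lacking the tcpv6 parameter are all hypothetical.

```python
# Added example: audit helper with hypothetical names, not Huawei tooling.
DEFAULT = {"8021x", "arp", "dhcp", "dhcpv6", "icmp", "icmpv6", "igmp",
           "mld", "nd", "tcp", "tcpv6", "telnet"}        # default list from the page
ALL = DEFAULT | {"ttl-expired", "udp", "udpv6"}          # what `all` covers
NO_TCPV6 = {"S5735-L", "S5735S-L", "S5735S-L-M", "S5735-S", "S5735-S-I", "S5735S-S"}

def audit(config_lines, model=None):
    """Replay auto-defend lines in order; report traced and untraced packet types."""
    # Assumption: on models without the tcpv6 parameter, TCPv6 is never traced.
    supported = ALL - {"tcpv6"} if model in NO_TCPV6 else set(ALL)
    traced, enabled, warnings = DEFAULT & supported, False, []
    for raw in config_lines:
        words = raw.split()
        undo = words[:1] == ["undo"]
        if undo:
            words = words[1:]
        if words == ["auto-defend", "enable"]:
            enabled = not undo
        elif words[:2] == ["auto-defend", "protocol"]:
            args = set(words[2:])
            if "all" in args and not undo:      # `all` exists only in the non-undo form
                traced = set(supported)
                continue
            bad = args - supported
            if bad:
                warnings.append(f"unsupported on {model or 'this device'}: {sorted(bad)}")
            args &= supported
            traced = traced - args if undo else traced | args
    if not enabled:
        warnings.append("auto-defend enable not found (prerequisite for tracing)")
    return {"enabled": enabled, "traced": sorted(traced),
            "untraced": sorted(supported - traced), "warnings": warnings}

# Constructed sample configuration lines (not taken from a real device).
SAMPLE = [
    " auto-defend enable",
    " undo auto-defend protocol telnet igmp",
    " auto-defend protocol udp ttl-expired",
]

if __name__ == "__main__":
    report = audit(SAMPLE)
    print("traced:  ", ", ".join(report["traced"]))
    print("untraced:", ", ".join(report["untraced"]))
    for w in report["warnings"]:
        print("warning: ", w)
```

With the constructed sample, the untraced list shows the types removed by the undo line plus udpv6, which is not in the default list.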
Precautions