blacklist (upgrade-compatible command)

Function

The blacklist command configures an ACL-based blacklist.

By default, no blacklist is configured.

Format

blacklist blacklist-id acl acl-number soft-drop

Parameters

Parameter	Description	Value
acl acl-number	Indicates the ACL ID. The ACL referenced by a blacklist on the device can be a basic ACL, an advanced ACL, or a Layer 2 ACL.	The value is an integer that ranges from 2000 to 4999.
soft-drop	Indicates that the blacklist is implemented through software.	-
blacklist-id	Specifies the number of an ACL6 referenced by a blacklist.	The value is an integer that ranges from 2000 to 3999. 2000 to 2999: basic ACL6s 3000 to 3999: advanced ACL6s

Parameter

Description

Value

acl acl-number

Indicates the ACL ID. The ACL referenced by a blacklist on the device can be a basic ACL, an advanced ACL, or a Layer 2 ACL.

The value is an integer that ranges from 2000 to 4999.

soft-drop

Indicates that the blacklist is implemented through software.

blacklist-id

Specifies the number of an ACL6 referenced by a blacklist.

The value is an integer that ranges from 2000 to 3999.

2000 to 2999: basic ACL6s
3000 to 3999: advanced ACL6s

Views

System view, Attack defense policy view

Default Level

2: Configuration level

Usage Guidelines

A maximum of 8 blacklists can be configured in an attack defense policy on the device. You can set the attributes of a blacklist by defining ACL rules.

The packets sent from users in the blacklist are discarded after reaching the device.

Example

# Reference ACL 2001 in the blacklist.

<HUAWEI> system-view
[HUAWEI] cpu-defend policy test
[HUAWEI-cpu-defend-policy-test] blacklist acl 2001 soft-drop