< Home

cpu-defend-policy

Function

The cpu-defend-policy command applies an attack defense policy.

The undo cpu-defend-policy command cancels the application of an attack defense policy.

By default, the default attack defense policy is applied to the switch.

Format

The stack-incapable models support the following commands:

cpu-defend-policy policy-name global

undo cpu-defend-policy { policy-name global | global }

Other models support the following format:

cpu-defend-policy policy-name [ global ]

undo cpu-defend-policy [ policy-name ] [ global ]

Parameters

Parameter Description Value
policy-name
Specifies the name of an attack defense policy.
  • If the global keyword is specified, the attack defense policy is applied to the switching chip.

  • If the global keyword is not specified, the attack defense policy is applied to the CPU. Only the attack defense policies that limit the rates of packets sent to the CPU can be applied to the CPU. Other types of attack defense policies are not applicable to the CPU, so configuring such policies cannot protect the CPU.

 The attack defense policy must already exist.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After an attack defense policy is created, you must apply the policy in the system view. Otherwise, the attack defense policy does not take effect.

Prerequisites

An attack defense policy has been created by using the cpu-defend policy command.

Example

# Apply the attack defense policy named test to all devices.
<HUAWEI> system-view
[HUAWEI] cpu-defend policy test
[HUAWEI-cpu-defend-policy-test] quit
[HUAWEI] cpu-defend-policy test global
Parent Topic: Local Attack Defense Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >