< Home

Configuring a User-Defined Flow

Context

You can bind an ACL to a user-defined flow to specify characteristics of attack flows. When unknown attacks occur on the network, the device can identify attack data flows and limit the rate of data flows with the specified characteristics.

Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S support this function.

If a blacklist and a user-defined flow reference the same ACL, the blacklist takes effect.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run cpu-defend policy policy-name

    The attack defense policy view is displayed.

  3. Run user-defined-flow flow-id acl acl-number

    A user-defined flow is configured.

    The ACL referenced by a user-defined flow can be a basic ACL, an advanced ACL, or a Layer 2 ACL. For details on how to create an ACL, see ACL Configuration.

    By default, no user-defined flow is configured.

    If the ACL applied to a user-defined flow includes a permit rule, the device uses the default value 64 kbit/s to limit the rate of packets matching the ACL. If the action for the user-defined flow is deny, the device discards the packets matching the ACL. If the ACL applied to a user-defined flow includes a deny rule, the device discards the packets matching the ACL.

    If an ACL has no rule, the user-defined flow that references the ACL does not take effect.

Parent Topic: Configuring CPU Attack Defense
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >