Generally, a device uses an ACL to control which protocol packets are sent to the CPU. An ACL can only control packets based on their protocol type. For protocol packets sent to the device, you can run the deny command to discard all packets of that type destined for the CPU, or run the car command to rate-limit them. However, an ACL cannot differentiate packets received on different interfaces.
If an interface is attacked, the attack packets occupy bandwidth and valid protocol packets cannot be processed. To prevent attack packets, you can disable the device where the attacked interface is located. However, then neither the attacked interface nor the other interfaces on the device can send packets to the CPU, which affects communication of the device.
You can configure the device to send different types of protocol packets to the CPU from different interfaces.
The priorities of Network-to-Network Interface (NNI), Enhanced Network Interface (ENI), and User-to-Network Interface (UNI) are in descending order. If the priority of an interface is higher than or equal to the lowest interface priority supported by a protocol's packets, those protocol packets can be sent to the CPU through this interface. For example, if the interface type is ENI and a protocol packet can take effect on an ENI or UNI interface, the protocol packet can be sent to the CPU through this ENI interface. However, if the protocol packet can only take effect on an NNI interface, this interface discards the packet. If the device receives attack packets, run the blacklist command to configure a blacklist so that the device discards the attack packets.
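The following Python model is an added illustration of the priority rule above, not code from the device or its documentation. It ranks the interface types NNI > ENI > UNI and, for each received protocol packet, punts the packet to the CPU only when the receiving interface's priority is at least the lowest priority among the interface types on which that protocol is allowed to take effect; the protocol-to-interface-type table it uses is a constructed sample, not the device's default configuration.

```python
"""Model of the NNI/ENI/UNI priority check for protocol packets sent to the CPU.

Added example (not device or vendor code). Interface types are ordered
NNI > ENI > UNI; a packet is punted to the CPU only if the receiving
interface's priority is >= the lowest priority on which its protocol is
allowed to take effect, otherwise the interface discards it.
"""
from enum import IntEnum
from typing import Dict, List, Set, Tuple


class PortType(IntEnum):
    """Higher value = higher priority, matching NNI > ENI > UNI."""
    UNI = 0
    ENI = 1
    NNI = 2


# Constructed sample policy (hypothetical, not a device default):
# for each protocol, the interface types on which its packets may reach the CPU.
SAMPLE_POLICY: Dict[str, Set[PortType]] = {
    "arp": {PortType.NNI, PortType.ENI, PortType.UNI},
    "lldp": {PortType.NNI, PortType.ENI},
    "ospf": {PortType.NNI},
}


def required_priority(allowed: Set[PortType]) -> PortType:
    """Lowest interface priority on which the protocol still takes effect."""
    return min(allowed)


def punt_to_cpu(iface_type: PortType, protocol: str,
                policy: Dict[str, Set[PortType]] = SAMPLE_POLICY) -> bool:
    """Return True if a packet of `protocol` received on an interface of
    `iface_type` is sent to the CPU, False if the interface discards it."""
    allowed = policy.get(protocol)
    if not allowed:
        # A protocol with no configured interface type is never punted.
        return False
    return iface_type >= required_priority(allowed)


def classify(iface_type: PortType, packets: List[str],
             policy: Dict[str, Set[PortType]] = SAMPLE_POLICY
             ) -> Tuple[List[str], List[str]]:
    """Split a burst of protocol names received on one interface into
    (punted_to_cpu, discarded) lists, preserving order."""
    punted, discarded = [], []
    for proto in packets:
        (punted if punt_to_cpu(iface_type, proto, policy) else discarded).append(proto)
    return punted, discarded


if __name__ == "__main__":
    # Constructed burst: an ENI interface receiving a mix of protocol packets.
    burst = ["arp", "ospf", "lldp", "ospf", "unknown"]
    to_cpu, dropped = classify(PortType.ENI, burst)
    print("ENI punts to CPU:", to_cpu)   # arp and lldp only
    print("ENI discards:   ", dropped)   # ospf (NNI-only) and unknown
```

With the sample policy, an ENI interface forwards ARP and LLDP packets to the CPU but discards OSPF packets, which are allowed only on NNI interfaces; a UNI interface forwards ARP alone. In a real deployment the per-protocol interface types come from the attack defense policy on the device, and the blacklist handling mentioned above is a separate, ACL-based step that this model does not cover.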
Only the S5720-EI, S6720S-EI, and S6720-EI support this function.
The system view is displayed.
The interface view is displayed.
The interface type is specified. The interface type can be NNI, UNI, or ENI.
By default, the interface type is NNI.
Return to the system view.
The attack defense policy view is displayed.
The interface type is specified for the packets of a protocol. The interface type can be NNI, UNI, or ENI.
To view the default types of interfaces sending protocol packets to the CPU, run the display cpu-defend configuration command.