< Home

deception aci lack decoy

Function

The deception aci lack decoy command sets the policy used in the case of a full ACI table to deceive.

The undo deception aci lack decoy sets the policy used in the case of a full ACI table to permit.

The policy used in the case of a full ACI table is permit by default.

Format

deception aci lack decoy

undo deception aci lack decoy

Parameters

None

Views

Deception view

Default Level

2: Configuration level

Usage Guidelines

The ACI table is space-limited. If there are a large number of intranet DNS requests and the ACI table cannot store new mappings, traffic will be deceived or permitted based on the configuration of this command.

To prevent a full ACI table, you can run the deception aci timeout command to set a shorter aging time for ACI entries.

Example

# Set the policy used in the case of a full ACI table to deceive.

<HUAWEI> system-view
[HUAWEI] deception
[HUAWEI-deception] deception aci lack decoy
 Warning: If the configured ACI resources are insufficient, the default action is decoy which affects services. Continue? [Y/N]:y
Parent Topic: Network Deception Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >