< Home

deception aci suffix

Function

The deception aci suffix command sets an ACI suffix.

The undo deception aci suffix command restores the default ACI suffix.

The ACI suffix is aci by default.

Format

deception aci suffix suffix-value

undo deception aci suffix

Parameters

Parameter Description Value
suffix-value

Specifies the ACI suffix.

The value is a string of at most eight characters, including letters, digits, and hyphens (-). It must start with a letter.

Views

Deception view

Default Level

2: Configuration level

Usage Guidelines

An ACI suffix functions as an intranet access key. For example, if the IP address of the server in the detected network segment is 192.168.1.1, the server must be accessed only through 192.168.1.1.aci if the default ACI suffix is used. If the IP address of the server is directly accessed or the IP address with an incorrect ACI suffix is accessed, traffic is deceived to the Decoy or discarded.

After the ACI suffix is changed, you need to run the reset deception aci command to update the ACI entries. Otherwise, the old ACI suffix becomes invalid only after the ACI entries age. After the ACI entries are updated, the access initiated by a terminal is deceived when the DNS record of the terminal does not age. Therefore, change the ACI suffix when no service traffic exists.

Example

# Set the ACI suffix to testaci.

<HUAWEI> system-view
[HUAWEI] deception
[HUAWEI-deception] deception aci suffix testaci
Parent Topic: Network Deception Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >