deception decoy

Function

The deception decoy command sets a Decoy IP address.

The undo deception decoy command deletes a Decoy IP address.

By default, no Decoy IP address is configured on the switch.

Format

deception decoy destination destination-ip [ source source-ip ] [ vpn-instance vpn-instance-name ] [ backup destination destination-ip [ source source-ip ] [ vpn-instance vpn-instance-name ] ]

undo deception decoy

Parameters

| Parameter | Description | Value |
|---|---|---|
| source source-ip | Specifies the IP address used by a switch to connect to a Decoy. If this parameter is not specified, the IP address of the outbound interface is used. | The value is in dotted decimal notation. |
| destination destination-ip | Specifies a Decoy IP address. | The value is in dotted decimal notation. |
| vpn-instance vpn-instance-name | Specifies the VPN instance of the Decoy. | The VPN instance must be an existing one on the device. |
| backup | Indicates the standby Decoy. | - |

Views

Deception view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When detecting suspected attack traffic, the switch lures the traffic to a Decoy for further checks. Therefore, you must first run this command to configure the IP address of the Decoy.

If communication between the switch and the active Decoy is abnormal, the switch sends the log and deceived traffic to the standby Decoy that can communicate with the switch.

Precautions

A switch cannot use the virtual IP address of a VRRP group or the IP address of the management network interface to connect to a Decoy.

Example

# Set the Decoy IP address to 10.1.1.1.

<HUAWEI> system-view
[HUAWEI] deception
[HUAWEI-deception] deception decoy destination 10.1.1.1
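
The following pre-deployment check is an added example, not part of the original command reference or any Huawei tooling. It parses a deception decoy line against the Format above and flags the conditions named under Parameters and Precautions; the function name and the inventory inputs (vrrp_vips, mgmt_ips, vpn_instances) are assumptions, and the addresses are constructed sample values.

```python
import ipaddress
import re

# Grammar from the Format section; the optional backup clause repeats the target.
_TARGET = (r"destination\s+(?P<{p}dst>\S+)"
           r"(?:\s+source\s+(?P<{p}src>\S+))?"
           r"(?:\s+vpn-instance\s+(?P<{p}vpn>\S+))?")
_CMD = re.compile(r"^deception\s+decoy\s+" + _TARGET.format(p="a_")
                  + r"(?:\s+backup\s+" + _TARGET.format(p="b_") + r")?$")


def lint_decoy(command, vrrp_vips=(), mgmt_ips=(), vpn_instances=()):
    """Return a list of findings; an empty list means the line passes.

    vrrp_vips, mgmt_ips and vpn_instances are hypothetical inventory inputs
    that the operator exports from the device; they are not CLI parameters.
    """
    m = _CMD.match(" ".join(command.split()))
    if m is None:
        return ["line does not match the documented format"]
    forbidden = set(vrrp_vips) | set(mgmt_ips)
    findings = []
    for role, p in (("active", "a_"), ("backup", "b_")):
        dst, src, vpn = m[p + "dst"], m[p + "src"], m[p + "vpn"]
        if dst is None:  # no backup clause on this line
            continue
        for label, value in (("destination", dst), ("source", src)):
            try:
                if value is not None:
                    ipaddress.IPv4Address(value)  # strict dotted decimal
            except ValueError:
                findings.append(f"{role} {label} {value!r} is not dotted decimal")
        if src in forbidden:
            findings.append(f"{role} source {src} is a VRRP virtual IP "
                            "or management interface address")
        if vpn is not None and vpn not in vpn_instances:
            findings.append(f"{role} vpn-instance {vpn!r} does not exist")
    return findings


if __name__ == "__main__":
    # Constructed inventory and command line, for illustration only.
    line = ("deception decoy destination 10.1.1.1 source 10.1.1.254 "
            "backup destination 10.1.2.1 vpn-instance vpn1")
    for finding in lint_decoy(line, vrrp_vips=["10.1.1.254"],
                              vpn_instances=["vpn1"]):
        print(finding)
```

When source is omitted the check cannot see which address the switch will use, so the outbound interface address still has to be confirmed against the Precautions by hand.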
Copyright © Huawei Technologies Co., Ltd.