< Home

deny (upgrade-compatible command)

Function

The deny command sets the discard action taken for packets sent to the CPU.

The undo deny command restores the default action taken for packets sent to the CPU.

By default, the device limits the rate of protocol packets and user-defined flows based on the CAR configuration.

Format

deny packet-type bpdu

deny packet-type ftp-dynamic

deny packet-type hotlimit

deny packet-type smlk-rrpp

deny packet-type nac-dhcp

undo deny packet-type bpdu

undo deny packet-type ftp-dynamic

undo deny packet-type hotlimit

undo deny packet-type smlk-rrpp

undo deny packet-type nac-dhcp

Parameters

Parameter Description Value

packet-type bpdu

Discards BPDU packets.

-

packet-type ftp-dynamic

Discards ftp-dynamic packets.

-

packet-type hotlimit

Discards hop-limit packets.

-

packet-type smlk-rrpp

Discards smlk-rrpp packets.

-

packet-type nac-dhcp

Discards nac-dhcp packets.

-

Views

Attack defense policy view

Default Level

2: Configuration level

Usage Guidelines

If you run the deny and car commands for the same type of packets sent to the CPU, the command that runs later takes effect. The undo deny command restores the default action taken for packets sent to the CPU. After you run this command, the system limits the rate of packets sent to the CPU based on the configured CIR and CBS values.

Example

# Set the discard action taken for bpdu packets sent to the CPU attack in defense policy test.

<HUAWEI> system-view
[HUAWEI] cpu-defend policy test 
[HUAWEI-cpu-defend-policy-test] deny packet-type bpdu
Parent Topic: Local Attack Defense Compatible Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic