display cpu-defend policy

Function

The display cpu-defend policy command displays the attack defense policy configuration.

Format

display cpu-defend policy [ policy-name ]

Parameters

Parameter	Description	Value
policy-name	Displays the configuration of a specified attack defense policy. If policy-name is specified, information about the specified attack defense policy is displayed. If policy-name is not specified, information about all attack defense policies is displayed.	The attack defense policy must already exist.

Parameter

Description

Value

policy-name

Displays the configuration of a specified attack defense policy.

If policy-name is specified, information about the specified attack defense policy is displayed.
If policy-name is not specified, information about all attack defense policies is displayed.

The attack defense policy must already exist.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

After an attack defense policy is created, you can run the display cpu-defend policy command to view the stack ID that the attack defense policy is applied to and configurations of the attack defense policy.

Example

# Display information about all attack defense policies.

<HUAWEI> display cpu-defend policy 
  ----------------------------------------------------------------            
 Name  : default                                                                
 Related slot : <3>                                                              
  ----------------------------------------------------------------              
 Name  : test                                                                   
 Description : defend_arp_attack       
 Related slot : <mcu>

# Display information about the attack defense policy named test.

<HUAWEI> display cpu-defend policy test
 Description : defend_arp_attack         
 Related slot : <0>                                                             
 Configuration :                                                                
   Blacklist 1 ACL number : 2001                                                
   Car packet-type arp-request : CIR(128)  CBS(24064)                           
   Deny packet-type arp-reply                                                   
   Port-type eni packet-type arp-request
   Linkup-car packet-type  ftp : CIR(5000)  CBS(940000)

**Table 1** Description of the display cpu-defend policy command output
Item	Description
Name	Name of an attack defense policy. To configure an attack defense policy, run the cpu-defend policy command.
Description	Description of an attack defense policy. To configure a description for an attack defense policy, run the description command.
Related slot	Slot ID or stack ID that an attack defense policy is applied to. When mcu is displayed, it indicates the main control board.
Blacklist 1 ACL number	Number of an ACL defined in blacklist 1. To configure a blacklist, run the blacklist command.
Car packet-type arp-request	CIR values of ARP Request packets. To set the CIR values for ARP Request packets, run the car command.
Deny packet-type arp-reply	ARP Reply packets are discarded. To configure the device to discard ARP Reply packets, run the deny command.
Port-type eni packet-type arp-request	ARP Request packets are sent to the CPU through ENI ports.
Linkup-car packet-type ftp	CIR values of FTP packets after an FTP connection is set up. To set the CIR values of FTP packets after an FTP connection is set up, run the linkup-car and cpu-defend application-apperceive enable commands.