< Home

ip anti-attack source-ip equals destination-ip drop

Function

The ip anti-attack source-ip equals destination-ip drop command enables the device to discard IP packets with the same source and destination IP addresses.

The undo ip anti-attack source-ip equals destination-ip drop command disables the device from discarding IP packets with the same source and destination IP addresses.

By default, the device does not discard IP packets with the same source and destination IP addresses.

Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735S-S, S5735-S-I, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S support this command.

Format

ip anti-attack source-ip equals destination-ip drop

undo ip anti-attack source-ip equals destination-ip drop

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Generally, IP packets with the same source and destination IP addresses can be forwarded. When you determine that the IP packets are attack packets, you can use the ip anti-attack source-ip equals destination-ip drop command to enable the device to discard the IP packets.

Example

# Enable the device to discard IP packets with the same source and destination IP addresses.

<HUAWEI> system-view
[HUAWEI] ip anti-attack source-ip equals destination-ip drop
Parent Topic: IP Source Guard Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >