The service-security global-binding command binds an MPAC policy to a device globally.
The undo service-security global-binding command unbinds an MPAC policy from a device.
By default, no MPAC policy is globally applied.
service-security global-binding { ipv4 | ipv6 } security-policy-name
undo service-security global-binding { ipv4 | ipv6 }
Parameter | Description | Value |
---|---|---|
ipv4 | Binds an IPv4 MPAC policy to a device globally. | - |
ipv6 | Binds an IPv6 MPAC policy to a device globally. | - |
security-policy-name | Specifies the name of an MPAC policy to be bound. | The value is a string of 1 to 31 case-sensitive characters without spaces. It must start with a letter. |
Usage Scenario
Attackers may pose as authorized users to send protocol packets to network devices or to take control of these devices. Such attacks disrupt network operation. Configuring MPAC on network devices lets you allow specified protocol packets to be sent to the CPUs or discard these packets, improving device security and reliability.
After an MPAC policy is created, run the service-security global-binding command to bind it to a device globally.
Prerequisites
An MPAC policy has been created using the service-security policy command.
# Create an IPv4 MPAC policy and apply it to a device globally.
<HUAWEI> system-view
[HUAWEI] service-security policy ipv4 huawei
[HUAWEI-service-sec-huawei] rule 5 permit protocol tcp source-port 1000 source-ip 127.1.1.1 0
[HUAWEI-service-sec-huawei] quit
[HUAWEI] service-security global-binding ipv4 huawei
# Create an IPv6 MPAC policy and apply it to a device globally.
<HUAWEI> system-view
[HUAWEI] service-security policy ipv6 huawei1
[HUAWEI-service6-sec-huawei1] rule 10 deny protocol tcp
[HUAWEI-service6-sec-huawei1] quit
[HUAWEI] service-security global-binding ipv6 huawei1
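
An offline check of the prerequisite and the default described above, as an added example that is not part of the original documentation: it scans saved configuration text for MPAC policies and global bindings and reports gaps. It assumes the configuration stores these commands in the form shown on this page and that a binding must reference a policy created for the same address family; `audit_mpac` and the sample configuration are constructed for illustration.

```python
import re

# Name rule from the parameter table: 1 to 31 characters, no spaces, starts with a letter.
NAME_RE = re.compile(r"[A-Za-z]\S{0,30}")
POLICY_RE = re.compile(r"^service-security policy (ipv4|ipv6) (\S+)$")
BINDING_RE = re.compile(r"^service-security global-binding (ipv4|ipv6) (\S+)$")

def audit_mpac(config_text):
    """Return a sorted list of findings for the MPAC lines in config_text."""
    policies = set()   # (family, name) pairs created with "service-security policy"
    bindings = {}      # family -> globally bound policy name
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            policies.add((m.group(1), m.group(2)))
            if not NAME_RE.fullmatch(m.group(2)):
                findings.append(f"invalid policy name: {m.group(2)}")
            continue
        m = BINDING_RE.match(line)
        if m:
            bindings[m.group(1)] = m.group(2)
    for family in ("ipv4", "ipv6"):
        name = bindings.get(family)
        if name is None:
            # Default state: no MPAC policy is globally applied.
            findings.append(f"{family}: no global MPAC binding")
        elif (family, name) not in policies:
            # Prerequisite: the policy must exist before it is bound (assumed per family).
            findings.append(f"{family}: bound policy '{name}' is not defined")
    return sorted(findings)

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
service-security policy ipv4 huawei
 rule 5 permit protocol tcp source-port 1000 source-ip 127.1.1.1 0
service-security policy ipv6 huawei1
 rule 10 deny protocol tcp
service-security global-binding ipv4 huawei
service-security global-binding ipv6 huawei2
"""

if __name__ == "__main__":
    for finding in audit_mpac(SAMPLE):
        print(finding)
```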