< Home

user-defined-flow

Function

The user-defined-flow command configures a user-defined flow.

The undo user-defined-flow command deletes a user-defined flow.

By default, no user-defined flow is configured.

Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S support this command.

Format

user-defined-flow flow-id acl acl-number

undo user-defined-flow flow-id

Parameters

Parameter

Description

Value

flow-id

Specifies the ID of the user-defined flow.

The value is an integer that ranges from 1 to 8.

acl acl-number

Specifies the number of an Access Control List (ACL). The ACL referenced by a user-defined flow on the device can be a basic ACL, an advanced ACL, or a Layer 2 ACL.

The value is an integer that ranges from 2000 to 4999.

  • 2000 to 2999: basic ACLs
  • 3000 to 3999: advanced ACLs
  • 4000 to 4999: Layer 2 ACLs

Views

Attack defense policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When unknown attacks occur on the network, you can run the user-defined-flow command to bind an ACL rule with a user-defined flow. Then you can run the car user-defined-flow flow-id cir cir-value [ cbs cbs-value ] command to limit the rate of flows with the specific characteristic or run the deny user-defined-flow flow-id command to discard these flows.

Precautions

If an ACL containing the deny action is applied to the user-defined flow, packets matching the ACL are discarded.

Example

# Specify ACL 2001 as the rule of user-defined flow 2.

<HUAWEI> system-view
[HUAWEI] cpu-defend policy test
[HUAWEI-cpu-defend-policy-test] user-defined-flow 2 acl 2001
Parent Topic: Local Attack Defense Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic