access packet strict-check
Function
The access packet strict-check command configures the device to strictly check user packets of a specific type.
The undo access packet strict-check command restores the default configuration.
By default, the device does not strictly check user packets.
This command is supported only on the NetEngine 8000 F1A.
Parameters
| Parameter | Description | Value |
|---|---|---|
| all |
Strictly checks all user packets. |
- |
| nd |
Strictly checks ND packets. |
- |
| dhcpv6 |
Strictly checks DHCPv6 packets. |
- |
| dhcp |
Strictly checks DHCP packets. |
- |
| ppp |
Strictly checks PPP packets. |
- |
| l2tp |
Strictly checks L2TP packets. |
- |
| dot1x |
Strictly checks dot1x packets. |
- |
Usage Guidelines
Usage Scenario
The device does not strictly check user packets by default. If the MAC address of the sent packets is not the one on the BAS interface, the user may still get a response. To protect the device from being attacked by malicious attacks, run the access packet strict-check command to strictly check user packets. The packets that do not comply with the standard protocol will be dropped.
Configuration Impact
After you configure a strict check on user packets, the packets that do not comply with the standard protocol are dropped. Additionally, if the end device does not strictly comply with the standard protocol, some users cannot log in. Therefore, exercise caution when running this command.
Precautions
In VS mode, this command is supported only by the admin VS.