attack-defend user-enable-group

Function

The attack-defend user-enable-group command configures a user-defined group for which attack defense is enabled and displays the user-defined group view.

The undo attack-defend user-enable-group command cancels the configuration.

By default, user-defined groups for which attack defense is enabled are not configured.

Format

attack-defend user-enable-group

undo attack-defend user-enable-group

Parameters

None

Views

SOC view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
soc write

Usage Guidelines

Usage Scenario

  • By default, the SOC's attack defense function is disabled. To configure a user-defined group for which attack defense is enabled, run the attack-defend user-enable-group command. After you specify specific protocol packets for the user-defined group, the device implements attack detection and attack source tracing and automatically delivers CAR parameters if detecting any specific protocol packets. This function isolates attacks or protects the device against attacks.
  • The attack defense granularity of the SOC is a physical interface and the VLAN to which the physical interface belongs. After the attack defense function is enabled, when a protocol attack is detected on a physical interface, rate limiting is applied to the protocol packets on the physical interface and the VLAN to which the physical interface belongs.
  • You can specify the following protocols for a user-defined group: FTP server, FTP client, SSH server, SSH client, SNMP, Telnet server, Telnet client, TFTP, BGP, LDP, RSVP, OSPFv2, RIP, OSPFv3, MSDP, PIM, IGMP, IS-IS, PIMv6, RADIUS, HWTACACS, LSP ping, ICMP, VRRP, BFD, DHCP, DNS client, Telnetv6 server, Telnetv6 client, ICMPv6, DNSv6, SSHv6 server, FTPv6 server, FTPv6 client, LACP, and BGPv6. For example, you can perform the following steps to enable a device to implement attack detection and attack source tracing and automatically deliver CAR parameters if detecting DHCP protocol packets:
  • Run the soc command to enable attack detection and attack source tracing and enter the SOC view.
  • Run the attack-defend user-enable-group command to configure a user-defined group for which attack defense is enabled and enter the user-defined group view.
  • Run the dhcp command to specify DHCP for the user-defined group.

    If a DHCP protocol attack is detected on a physical interface, rate limiting is applied to DHCP protocol packets on the physical interface to protect the device against attacks.

    NOTE:

    Only when attack events or sources are confirmed, you can run the

    attack-defend user-enable-group command to configure a user-defined group for which attack defense is enabled.

    For details, see (Optional) Enabling the User-defined Attack Defense Group Function.

In VS mode, this command is supported only by the admin VS.

Example

# Configure a user-defined group for which attack defense is enabled.
<HUAWEI> system-view
[~HUAWEI] soc
[*HUAWEI-soc] attack-defend user-enable-group
Parent Topic: SOC Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >