The attack-trace location-type command configures the threshold for determining the location of an attack event.
The undo attack-trace location-type command deletes the configured threshold for determining the location of an attack event.
The default parameters for configuring the threshold for determining the location of an attack event are described in the parameter description.
attack-trace location-type { interface threshold threshold-value | sub-interface threshold threshold-value | vlan threshold threshold-value | source-mac threshold threshold-value | source-ip threshold threshold-value | qinq threshold threshold-value | vni threshold threshold-value }
undo attack-trace location-type { interface threshold [ threshold-value ] | sub-interface threshold [ threshold-value ] | vlan threshold [ threshold-value ] | source-mac threshold [ threshold-value ] | source-ip threshold [ threshold-value ] | qinq threshold [ threshold-value ] | vni threshold [ threshold-value ] }
Parameter | Description | Value |
---|---|---|
interface | Specifies the threshold for the percentage of the number of packets received on a physical interface to the total number of sampled packets. If the percentage is greater than or equal to the threshold, an attack event has occurred on the physical interface. | - |
threshold threshold-value | Specifies the threshold for the percentage of the number of packets received to the total number of sampled packets. | The value is an integer ranging from 3 to 99. |
sub-interface | Specifies the threshold for the percentage of the number of packets received on a logical interface to the total number of sampled packets. If the percentage is greater than or equal to the threshold, an attack event has occurred on the logical interface. | - |
vlan | Specifies the threshold for the percentage of the number of single-tagged VLAN packets with a specified VLAN ID to the total number of sampled packets. If the percentage is greater than or equal to the threshold, an attack event has occurred in the single VLAN. | - |
source-mac | Specifies the threshold for the percentage of the number of packets with a specified source MAC address to the total number of sampled packets. If the percentage is greater than or equal to the threshold, an attack event has been initiated from this MAC address. | - |
source-ip | Specifies the threshold for the percentage of the number of packets with a specified source IP address to the total number of sampled packets. If the percentage is greater than or equal to the threshold, an attack event has been initiated from this IP address. | - |
qinq | Specifies the threshold for the percentage of the number of double-tagged VLAN packets with specified inner and outer VLAN IDs to the total number of sampled packets. If the percentage is greater than or equal to the threshold, an attack event has occurred in the inner and outer VLANs. | - |
vni | Specifies the threshold for the percentage of the number of packets with a specified VNI to the total number of sampled packets. If the percentage is greater than or equal to the threshold, an attack event has occurred in the VNI. | - |
Usage Scenario
If the threshold for determining the location of an attack event does not suit the existing network conditions, and attack event reports contain incorrect or missing decisions on attack events, run the attack-trace location-type command to adjust the threshold based on actual conditions so that attack source tracing works accurately.
NOTE: The interface, qinq, source-ip, source-mac, sub-interface, vni, and vlan parameters can be configured separately in different command instances, and the configurations do not override one another.
Configuration Impact
Inappropriate attack source tracing thresholds may cause incorrect or missing decisions on attack events.
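The comparison described in the parameter table, as an added example (not Huawei code and not part of the original page): it models only the documented rule, share of sampled packets greater than or equal to the threshold, over a constructed 20-packet sample. The record field names, interface names, and addresses are assumptions; how the device takes its samples is not described on the page.

```python
from collections import Counter

# Location types from the command syntax, mapped to field names of the
# constructed sample records below (the field names are assumptions).
FIELDS = {"interface": "ifname", "source-mac": "src_mac", "source-ip": "src_ip"}


def locate(samples, thresholds):
    """Return {location_type: {value: percent}} for every value whose share of
    the sampled packets is greater than or equal to the configured threshold."""
    for loc, pct in thresholds.items():
        if loc not in FIELDS:
            raise ValueError(f"unsupported location type: {loc}")
        if not isinstance(pct, int) or not 3 <= pct <= 99:
            raise ValueError(f"{loc}: threshold must be an integer from 3 to 99")
    total = len(samples)
    located = {}
    for loc, pct in thresholds.items():
        counts = Counter(pkt[FIELDS[loc]] for pkt in samples)
        # Integer form of count/total*100 >= pct, so an exact match still counts.
        located[loc] = {value: 100 * n / total
                        for value, n in counts.items() if 100 * n >= pct * total}
    return located


def make_samples():
    """Constructed sample of 20 packets: one dominant sender and two minor ones."""
    groups = [
        (12, "GE1/0/1", "00e0-fc00-0001", "198.51.100.7"),
        (5, "GE1/0/2", "00e0-fc00-0002", "192.0.2.10"),
        (3, "GE1/0/2", "00e0-fc00-0003", "192.0.2.11"),
    ]
    return [{"ifname": i, "src_mac": m, "src_ip": ip}
            for n, i, m, ip in groups for _ in range(n)]


if __name__ == "__main__":
    samples = make_samples()
    # Same sample, three source-ip thresholds: too low, moderate, too high.
    for src_ip_threshold in (3, 25, 70):
        result = locate(samples, {"interface": 25, "source-ip": src_ip_threshold})
        print(src_ip_threshold, result)
```

With the source-ip threshold at 70, no sender is located even though one address accounts for 60% of the sample; at 3, every sender is reported. A share exactly equal to the threshold (25%) is reported.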
Precautions
It is recommended that you run this command with assistance from Huawei engineers.
In VS mode, this command is supported only by the admin VS.
<HUAWEI> system-view
[~HUAWEI] soc
[*HUAWEI-soc] attack-trace location-type interface threshold 25