ipv6-enhance acl enable

Function

The ipv6-enhance acl enable command matches some IPv6 packets to be sent to the CPU against the ACL that contains a blacklist, whitelist, or user-defined flow.

The undo ipv6-enhance acl enable command disables the function of matching some IPv6 packets to be sent to the CPU against the ACL that contains a blacklist, whitelist, or user-defined flow.

By default, the function of matching some IPv6 packets to be sent to the CPU against the ACL that contains a blacklist, whitelist, or user-defined flow is disabled.

Format

ipv6-enhance acl enable

undo ipv6-enhance acl enable

Parameters

None

Views

Attack defense policy view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
cpu-defend write

Usage Guidelines

Usage Scenario

When a device is attacked, run the ipv6-enhance acl enable command to match IPv6 packets to be sent to the CPU against the whitelist, blacklist, or user-defined flow. The packets matching the whitelist, blacklist, or user-defined flow are processed based on the action defined in the ACL. If a packet matches no whitelist, blacklist, or user-defined flow in the ACL, the packet is sent to the CPU using CP-CAR.

Precautions

In VS mode, this command is supported only by the admin VS.

Example

# Enable the enhanced IPv6 ACL function in attack defense policy 8.
<HUAWEI> system-view
[~HUAWEI] cpu-defend policy 8
[*HUAWEI-cpu-defend-policy-8] ipv6-enhance acl enable
Parent Topic: Local Attack Defense Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >