The ma-defend global-policy command creates a global policy for management and service plane protection and enters the global policy view.
The undo ma-defend global-policy command deletes a created global policy for management and service plane protection.
By default, the global policy for management and service plane protection is not created.
Usage Scenario
To help the Router defend against attacks or unauthorized logins initiated by sending protocol packets, management and service plane protection is used to prevent packets of a specified protocol or all protocols from being sent to the CPU. Using management and service plane protection improves device security and reliability and ensures normal network operation.
A global policy takes effect on the entire Router. It simplifies configuration compared with configuring a policy on each interface of the Router. To configure a global policy, run the ma-defend global-policy command.
Configuration Impact
After a global policy has been configured and its rule has also been configured to discard packets of a specified protocol or all protocols, specified packets are directly discarded after arriving at any interface on the device.
Follow-up Procedure
Run the protocol command to configure a rule for accepting or discarding packets of a specified protocol or all protocols before they are sent to the CPU.
Run the enable command to apply the global policy to the device, allowing this policy to take effect. You can also configure an interface-based policy and apply it to a specified interface, or configure a board-based policy and apply it to a specified board.
Precautions
If no rule is configured in a global policy, global management and service plane protection or its policy does not take effect.
In VS mode, this command is supported only by the admin VS.
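The follow-up procedure and the first precaution above can be checked offline against a saved configuration. The script below is an added example, not vendor code. It assumes that rules appear as indented "protocol <name> permit|deny" lines under the policy, and that "all" is the keyword for all protocols. The function name and the sample configurations are constructed for illustration.

```python
import re

# Constructed sample configs (not from a real device). The indented
# "protocol <name> permit|deny" layout and the "all" keyword are
# assumptions; the page does not show the rule syntax.
SAMPLE_OK = """\
ma-defend global-policy
 protocol telnet deny
 protocol ssh permit
 enable
#
"""
SAMPLE_NO_RULE = "ma-defend global-policy\n enable\n#\n"
SAMPLE_NOT_ENABLED = "ma-defend global-policy\n protocol all deny\n#\n"

RULE = re.compile(r"^protocol\s+(\S+)\s+(permit|deny)$")


def audit_global_policy(config: str) -> dict:
    """Report whether the global ma-defend policy can take effect."""
    created, enabled, rules, in_view = False, False, {}, False
    for raw in config.splitlines():
        line = raw.strip()
        if raw.rstrip() == "ma-defend global-policy":
            created = in_view = True
        elif in_view and raw.startswith(" "):
            m = RULE.match(line)
            if m:
                rules[m.group(1)] = m.group(2)  # protocol -> action
            elif line == "enable":
                enabled = True
        else:
            in_view = False  # an unindented line ends the policy view
    findings = []
    if not created:
        findings.append("global policy not created (default)")
    elif not rules:
        findings.append("no rule configured: policy does not take effect")
    elif not enabled:
        findings.append("rules present but policy not applied with enable")
    return {"effective": created and bool(rules) and enabled,
            "rules": rules, "findings": findings}
```
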