The ma-defend-interface command applies an interface-based policy for management and service plane protection to a specified interface.
The undo ma-defend-interface command disables an interface-based policy on a specified interface.
By default, no interface-based policy is applied to a specified interface.
Usage Scenario
To help the device defend against attacks or unauthorized logins initiated by sending protocol packets, management and service plane protection is used to prevent packets of a specified protocol or all protocols from being sent to the CPU. Using management and service plane protection improves device security and reliability and ensures normal network operation.
An interface-based policy takes effect on a specified interface. It allows finer-grained and more accurate management than a global or board-based policy. To apply a configured interface-based policy to a specified interface, run the ma-defend interface-policy command.
Prerequisites
An interface-based policy has been configured.
Configuration Impact
After the ma-defend-interface command has been run, the configured interface-based policy will take effect.
Precautions
Only one interface-based policy can be applied to an interface. If the ma-defend-interface command is run more than once on an interface, only the latest configuration takes effect.
In VS mode, this command is supported only by the admin VS.
<HUAWEI> system-view
[~HUAWEI] ma-defend interface-policy 7
[*HUAWEI-app-sec-interface-7] protocol snmp permit
[*HUAWEI-app-sec-interface-7] quit
[*HUAWEI] interface GigabitEthernet 0/1/20
[*HUAWEI-GigabitEthernet0/1/20] ma-defend-interface 7
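The following audit script is an added example, not part of the vendor documentation. It replays a command sequence offline and reports the effective policy per interface under the rules above: the latest ma-defend-interface wins, the referenced policy must have been configured, and an interface has no policy by default. The sample input, the extra policy IDs and interfaces, and the audit function name are constructed for illustration.

```python
import re

# Constructed sample (prompts removed); IDs 8, 9 and ports 0/1/21-22 are made up.
SAMPLE = """\
ma-defend interface-policy 7
protocol snmp permit
quit
interface GigabitEthernet 0/1/20
ma-defend-interface 9
ma-defend-interface 7
quit
interface GigabitEthernet 0/1/21
ma-defend-interface 8
quit
interface GigabitEthernet 0/1/22
ma-defend-interface 7
undo ma-defend-interface
quit
"""

def audit(commands):
    """Replay commands; return effective bindings, unprotected interfaces, findings."""
    policies, bindings, seen, findings = {}, {}, [], []
    ctx = None  # ("policy", id) or ("interface", name)
    for line in (raw.strip() for raw in commands.splitlines()):
        if m := re.fullmatch(r"ma-defend interface-policy (\d+)", line):
            ctx = ("policy", m.group(1))
            policies.setdefault(m.group(1), [])
        elif m := re.fullmatch(r"interface (.+)", line):
            ctx = ("interface", m.group(1).replace(" ", ""))
            if ctx[1] not in seen:
                seen.append(ctx[1])
        elif line in ("quit", "#"):
            ctx = None
        elif ctx and ctx[0] == "policy" and line.startswith("protocol "):
            policies[ctx[1]].append(line)
        elif ctx and ctx[0] == "interface":
            if m := re.fullmatch(r"ma-defend-interface (\d+)", line):
                old = bindings.get(ctx[1])
                if old and old != m.group(1):  # only the latest takes effect
                    findings.append(f"{ctx[1]}: policy {old} replaced by {m.group(1)}")
                bindings[ctx[1]] = m.group(1)
            elif line.startswith("undo ma-defend-interface"):
                bindings.pop(ctx[1], None)  # back to the default: no policy
    for name, pid in bindings.items():
        if pid not in policies:  # prerequisite: policy must be configured
            findings.append(f"{name}: policy {pid} applied but not configured")
    unprotected = [n for n in seen if n not in bindings]
    return bindings, unprotected, findings
```

Calling audit(SAMPLE) returns the effective bindings, the interfaces left without a policy, and a list of findings to review before the change is committed.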