The ma-defend-slot command applies a board-based policy for management and service plane protection to a specified interface board.
The undo ma-defend-slot command disables a board-based policy on a specified interface board.
By default, no board-based policy is applied to a specified interface board.
Usage Scenario
To help the device defend against attacks or unauthorized logins initiated by sending protocol packets, management and service plane protection is used to prevent packets of a specified protocol or all protocols from being sent to the CPU. Using management and service plane protection improves device security and reliability and ensures normal network operation.
A board-based policy takes effect on a specified interface board. It simplifies configuration comparing with the method involving configuration on each interface of the board. To apply a board-based policy to a specified interface board, run the ma-defend-slot command.Prerequisites
A board-based policy has been created.
Configuration Impact
After the ma-defend-slot command is run, the configured board-based policy will take effect.
Precautions
Only one board-based policy can be applied to an interface board. The ma-defend-slot command is cyclic in nature, and only the latest configuration takes effect.
In VS mode, this command is supported only by the admin VS.
<HUAWEI> system-view [~HUAWEI] ma-defend slot-policy 1 [*HUAWEI-app-sec-slot-1] protocol telnet deny [*HUAWEI-app-sec-slot-1] quit [*HUAWEI] slot 1 [*HUAWEI-slot-1] ma-defend-slot 1