The service-security global-binding command applies an MPAC policy globally on a device.
The undo service-security global-binding command cancels the configuration.
By default, an MPAC policy is not applied globally on a device.
Usage Scenario
To prevent unauthorized users from attacking or controlling network devices, configure the management-plane access control function so that a policy can be used to send specified protocol packets to or prevent specified protocol packets from being sent to the CPU, improving device security and reliability and ensuring normal network running.
You can run the service-security global-binding command to apply an MPAC policy globally on a device.Prerequisites
An MPAC policy has been created using the service-security policy command.
<HUAWEI> system-view [~HUAWEI] service-security policy ipv6 huawei1 [*HUAWEI-service6-sec-huawei1] rule 10 deny protocol tcp [*HUAWEI-service6-sec-huawei1] quit [*HUAWEI] service-security global-binding ipv6 huawei1
<HUAWEI> system-view [~HUAWEI] service-security policy ipv4 huawei [*HUAWEI-service-sec-huawei] rule 5 permit protocol tcp source-port 1000 source-ip 127.1.1.1 0 [*HUAWEI-service-sec-huawei] quit [*HUAWEI] service-security global-binding ipv4 huawei