service-security binding

Function

The service-security binding command applies an MPAC policy to an interface.

The undo service-security binding command cancels the configuration.

By default, an MPAC policy is applied to an interface.

Format

service-security binding { ipv4 | ipv6 } security-policy-name

undo service-security binding { ipv4 | ipv6 }

Parameters

Parameter	Description	Value
ipv4	Specifies an IPv4 MPAC policy.	-
ipv6	Specifies an IPv6 MPAC policy.	-
security-policy-name	Specifies the name of an MPAC policy.	The value is a string of 1 to 31 case-sensitive characters without spaces and must start with a letter.

Parameter

Description

Value

ipv4

Specifies an IPv4 MPAC policy.

ipv6

Specifies an IPv6 MPAC policy.

security-policy-name

Specifies the name of an MPAC policy.

The value is a string of 1 to 31 case-sensitive characters without spaces and must start with a letter.

Views

100GE-Trunk member Layer 2 interface view, 100GE-Trunk member interface view, Layer 2 100GE interface view, 100ge sub-interface view, 100GE interface view, Layer 2 10GE interface view, 10GE sub-interface view, 10GE interface view, 10G LAN interface view, 10G WAN interface view, EVC view of a 10GE interface, 200GE sub-interface view, 25GE sub-interface view, 25GE interface view, 400GE sub-interface view, 400GE interface view, 40GE-Trunk member Layer 2 interface view, 40GE-Trunk member interface view, Layer 2 40GE interface view, 40GE sub-interface view, 40GE interface view, 50GE sub-interface view, 50GE interface view, Eth-Trunk interface view, FlexE sub-interface view, FlexE interface view, GE optical interface view, GE sub-interface view, GE interface view, GE electrical interface view, Global VE sub-interface view, Global VE interface view, VE sub-interface view, VE interface view, XGE sub-interface view, XGE interface view, Layer 2 sub-interface view, Sub-interface view, Management interface view

Default Level

2: Configuration level

Task Name and Operations

Task Name	Operations
hostdefend	write

Usage Guidelines

Usage Scenario

To prevent unauthorized users from attacking or controlling network devices, configure the management-plane access control function so that a policy can be used to send specified protocol packets to or prevent specified protocol packets from being sent to the CPU, improving device security and reliability and ensuring normal network running.

You can run the service-security binding command to apply an MPAC policy to an interface.

Prerequisites

An MPAC policy has been created using the service-security policy command.

Example

# Create an IPv6 MPAC policy and apply the policy to an interface.

<HUAWEI> system-view
[~HUAWEI] service-security policy ipv6 huawei1
[*HUAWEI-service6-sec-huawei1] rule 10 deny protocol tcp
[*HUAWEI-service6-sec-huawei1] quit
[*HUAWEI] interface GigabitEthernet 0/1/0
[*HUAWEI-GigabitEthernet0/1/0] service-security binding ipv6 huawei1

# Create an IPv4 MPAC policy and apply the policy to an interface.

<HUAWEI> system-view
[~HUAWEI] service-security policy ipv4 huawei
[*HUAWEI-service-sec-huawei] rule 5 permit protocol tcp source-port 1000 source-ip 127.1.1.1 0
[*HUAWEI-service-sec-huawei] quit
[*HUAWEI] interface GigabitEthernet 0/1/0
[*HUAWEI-GigabitEthernet0/1/0] service-security binding ipv4 huawei