service-security policy

Function

The service-security policy command creates an MPAC policy or displays an MPAC policy view.

The undo service-security policy command deletes an MPAC policy.

By default, no MPAC policy is created.

Format

service-security policy { ipv4 | ipv6 } security-policy-name

undo service-security policy { ipv4 | ipv6 } [ security-policy-name ]

Parameters

Parameter	Description	Value
ipv4	Displays the service-sec policy view.	-
ipv6	Displays the service6-sec policy view.	-
security-policy-name	Specifies the name of an MPAC policy.	The value is a string of 1 to 31 case-sensitive characters without spaces and must start with a letter.

Parameter

Description

Value

ipv4

Displays the service-sec policy view.

ipv6

Displays the service6-sec policy view.

security-policy-name

Specifies the name of an MPAC policy.

The value is a string of 1 to 31 case-sensitive characters without spaces and must start with a letter.

Views

System view

Default Level

2: Configuration level

Task Name and Operations

Task Name	Operations
hostdefend	write

Usage Guidelines

Usage Scenario

To prevent unauthorized users from attacking or controlling network devices, configure the management-plane access control function so that a policy can be used to send specified protocol packets to or prevent specified protocol packets from being sent to the CPU, improving device security and reliability and ensuring normal network running.

Configuration Impact

After the undo service-security policy command is configured, all MPAC policy groups on the device are deleted.

Example

# Display the service6-sec policy view of a device.

<HUAWEI> system-view
[~HUAWEI] service-security policy ipv6 huawei1
[*HUAWEI-service6-sec-huawei1]

# Display the service-sec policy view of a device.

<HUAWEI> system-view
[~HUAWEI] service-security policy ipv4 huawei
[*HUAWEI-service-sec-huawei]