port dot1q-tunnel discard untag-frame

Function

The port dot1q-tunnel discard untag-frame command enables a Dot1q-tunnel interface to discard incoming untagged packets.

The undo port dot1q-tunnel discard untag-frame command disables a Dot1q-tunnel interface from discarding incoming untagged packets.

By default, a Dot1q-tunnel interface does not discard incoming untagged packets.

Format

port dot1q-tunnel discard untag-frame

undo port dot1q-tunnel discard untag-frame

Parameters

None

Views

Layer 2 100GE interface view, Layer 2 10GE interface view, 25GE-L2 view, 400GE-L2 view, Layer 2 40GE interface view, Layer 2 50GE interface view, Eth-Trunk interface view, Layer 2 GE interface view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
vlan write

Usage Guidelines

Usage Scenario

A Dot1q-tunnel interface processes only tagged packets. To prevent an untagged packet attack, run the port dot1q-tunnel discard untag-frame command to configure the Dot1q-tunnel to discard incoming untagged packets.

Prerequisites

If the current interface is a Layer 3 interface, it has been switched to a Layer 2 interface using the portswitch command.

Precautions

The port dot1q-tunnel discard untag-frame command takes effect only on Dot1q-tunnel interfaces.

Example

# Configure GE 0/1/1 to discard incoming untagged packets. 
<HUAWEI> system-view
[~HUAWEI] interface GigabitEthernet 0/1/1
[~HUAWEI-GigabitEthernet0/1/1] portswitch
[*HUAWEI-GigabitEthernet0/1/1] port link-type dot1q-tunnel
[*HUAWEI-GigabitEthernet0/1/1] port dot1q-tunnel discard untag-frame
Parent Topic: VLAN Configuration Commands
Copyright ? Huawei Technologies Co., Ltd.
Copyright ? Huawei Technologies Co., Ltd.
< Previous topic Next topic >