The sequence enable command enables enhanced E-Trunk sequence number verification.
The undo sequence enable command restores the default configuration.
By default, enhanced E-Trunk sequence number verification is disabled.
Usage Scenario
In a scenario where an E-Trunk is created between PE1 and PE2, with PE1 functioning as the master device and PE2 as the backup device, an attacker on the network can capture the packets that PE1 sends during normal operation. If PE1 then fails, the attacker sends the captured packets to PE2. PE2 considers that PE1 is still functioning and therefore stays in the backup state, causing service interruptions.
To ensure proper traffic forwarding, run the sequence enable command to enable enhanced E-Trunk sequence number verification. This function helps identify attack packets.
Precautions
To enable enhanced E-Trunk sequence number verification, run the sequence enable command on both master and backup E-Trunk devices. If the command is configured on only one device, sequence number verification fails and packets are discarded, resulting in two master E-Trunk devices.
The undo sequence enable command disables enhanced E-Trunk sequence number verification, which leaves the E-Trunk open to attack. You are advised to keep enhanced E-Trunk sequence number verification enabled.
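The following simulation is an added example, not vendor code. It models the replay scenario and the one-sided configuration described above from PE2's point of view. The Hello and BackupPE classes, the run function, the three-interval timeout and the strictly increasing sequence number are assumptions made for illustration; the actual E-Trunk packet format and timers are not modelled.

```python
from dataclasses import dataclass
from typing import Optional

# Simplified model (assumption): each hello optionally carries an increasing
# sequence number. The real E-Trunk packet format and timers are not modelled.
@dataclass
class Hello:
    seq: Optional[int]  # None when the sender has verification disabled

class BackupPE:
    """PE2: stays backup while it keeps accepting hellos from the master."""
    def __init__(self, seq_verify: bool, timeout: int = 3):
        self.seq_verify = seq_verify
        self.timeout = timeout   # intervals without an accepted hello before takeover
        self.missed = 0
        self.last_seq = -1
        self.state = "backup"

    def accept(self, hello: Hello) -> bool:
        if not self.seq_verify:
            return True          # no check: a replayed hello looks genuine
        if hello.seq is None or hello.seq <= self.last_seq:
            return False         # missing or stale sequence number: discard
        self.last_seq = hello.seq
        return True

    def tick(self, hello: Optional[Hello]) -> None:
        if hello is not None and self.accept(hello):
            self.missed = 0
            return
        self.missed += 1
        if self.missed >= self.timeout:
            self.state = "master"

def run(pe1_seq: bool, pe2_seq: bool, pe1_fails_at: Optional[int],
        replay: bool, ticks: int = 12) -> str:
    """Return PE2's final state after `ticks` hello intervals."""
    pe2, captured = BackupPE(pe2_seq), []
    for t in range(ticks):
        if pe1_fails_at is None or t < pe1_fails_at:
            hello = Hello(t if pe1_seq else None)   # genuine hello from PE1
            captured.append(hello)                  # attacker records it
        elif replay and captured:
            hello = captured[t % len(captured)]     # attacker replays an old hello
        else:
            hello = None                            # PE1 is down, link is silent
        pe2.tick(hello)
    return pe2.state
```

With verification off on both devices, run(False, False, 4, True) leaves PE2 in the backup state after PE1 has failed, while run(True, True, 4, True) lets PE2 take over as master. run(False, True, None, False) shows the one-sided configuration: PE2 discards every hello from a healthy PE1 and also becomes master.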