whitelist acl

Function

The whitelist acl command adds packets matching specific ACL rules to the whitelist.

The undo whitelist command deletes the added packets from the whitelist.

By default, no ACL rules are specified to add matching packet to the whitelist.

whitelist [ ipv6 ] acl { acl-number | name acl-name }

undo whitelist [ ipv6 ]

Parameter	Description	Value
ipv6	Configures an IPv6 whitelist. If this parameter is not specified, an IPv4 whitelist is configured.	-
acl-number	Specifies the number of an ACL.	It is an integer ranging from 2000 to 3999.
name acl-name	Specifies the name of an ACL.	The value is a string of 1 to 64 case-sensitive characters without spaces. The value must start with a letter (a to z or A to Z, case sensitive).

Parameter

Description

Value

ipv6

Configures an IPv6 whitelist. If this parameter is not specified, an IPv4 whitelist is configured.

acl-number

Specifies the number of an ACL.

It is an integer ranging from 2000 to 3999.

name acl-name

Specifies the name of an ACL.

The value is a string of 1 to 64 case-sensitive characters without spaces. The value must start with a letter (a to z or A to Z, case sensitive).

Attack defense policy view

2: Configuration level

Task Name	Operations
cpu-defend	write

Usage Scenario

You can flexibly configure a whitelist by defining ACL rules.

Prerequisites

ACL rules are configured.

Precautions

In VS mode, this command is supported only by the admin VS.

If a CAR value has been configured for the whitelist, you need to consider the impact on the configured CAR when binding an ACL rule.

# Add packets matching ACL 2001 to the whitelist in attack defense policy 8.

<HUAWEI> system-view
[~HUAWEI] acl 2001
[*HUAWEI-acl4-basic-2001] quit
[*HUAWEI] cpu-defend policy 8
[*HUAWEI-cpu-defend-policy-8] whitelist acl 2001