Configuring an Interface-based Policy for Management and Service Plane Protection

An interface-based policy for management and service plane protection can be applied to an interface to filter packets of certain types.

Context

An interface-based policy takes effect only on the specified interface.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ma-defend interface-policy interface-policy-id

    An interface-based policy for management and service plane protection is created.

  3. Run protocol { { bgp | ftp | isis | ldp | ospf | pimsm | rip | rsvp | snmp | ssh | telnet | tftp } | ipv6 { bgp4plus | ftp | ospfv3 | ssh | telnet | pimsm } } { permit | deny }

    A rule about whether to send the packets of specified protocols to the CPU is configured in the interface-based policy.

    If all the active interfaces enabled with FTP, SSH, SNMP, TFTP, or TELNET are Down, connectivity to the device will be interrupted. (An active interface is an interface that can properly receive and send packets.) To ensure connectivity to the device, configure additional active interfaces and enable these protocols on them.

  4. Run quit

    Return to the system view.

  5. Run interface interface-type interface-number

    The interface view is displayed.

  6. Run ma-defend-interface ma-defend-intf-policyid

    The configured interface-based policy is applied to the interface.

  7. Run commit

    The configuration is committed.

Parent Topic: Configuring Management and Service Plane Protection
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >