Attack

Mohamed_Mostafa · Created Jan 13, 2019 09:21:22

Licensing Requirements and Limitations for Local Attack Defense

Involved Network Elements

Other network elements are not required.

Licensing Requirements

Configuration commands of local attack defense are available only after the S1720GW, S1720GWR, and S1720X have the license (WEB management to full management Electronic RTU License) loaded and activated and the switches are restarted. Configuration commands of local attack defense on other models are not under license control.

For details about how to apply for a license, see Applying for Licenses in the S1720, S5700, and S6720 Series Switches License Usage Guide.

Version Requirements

**Table 1** Products and versions supporting local attack defense
Product	Product Model	Software Version
S1700	S1720GFR	V200R006C10, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00
	S1720GW and S1720GWR	V200R010C00, V200R011C00, V200R011C10, V200R012C00
	S1720GW-E and S1720GWR-E	V200R010C00, V200R011C00, V200R011C10, V200R012C00
	S1720X and S1720X-E	V200R011C00, V200R011C10, V200R012C00
	Other S1700 models	Models that cannot be configured using commands. For details about features and versions, see S1700 Documentation Bookshelf.
S2700	S2700SI	V100R005C01, V100R006(C00&C01&C03&C05)
	S2700EI	V100R005C01, V100R006(C00&C01&C03&C05)
	S2710SI	V100R006(C03&C05)
	S2720EI	V200R006C10, V200R009C00, V200R010C00, V200R011C10, V200R012C00
	S2750EI	V200R003C00, V200R005C00SPC300, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00
S3700	S3700SI and S3700EI	V100R005C01, V100R006(C00&C01&C03&C05)
S3700	S3700HI	V100R006C01, V200R001C00
S5700	S5700LI	V200R001C00, V200R002C00, V200R003(C00&C02&C10), V200R005C00SPC300, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00
	S5700S-LI	V200R001C00, V200R002C00, V200R003C00, V200R005C00SPC300, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00
	S5710-C-LI	V200R001C00
	S5710-X-LI	V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00
	S5700SI	V100R005C01, V100R006C00, V200R001C00, V200R002C00, V200R003C00, V200R005C00
	S5700EI	V100R005C01, V100R006(C00&C01), V200R001(C00&C01), V200R002C00, V200R003C00, V200R005(C00&C01&C02&C03)
	S5710EI	V200R001C00, V200R002C00, V200R003C00, V200R005(C00&C02)
	S5720EI	V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00
	S5720LI and S5720S-LI	V200R010C00, V200R011C00, V200R011C10, V200R012C00
	S5720SI and S5720S-SI	V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00
	S5720I-SI	V200R012C00
	S5700HI	V100R006C01, V200R001(C00&C01), V200R002C00, V200R003C00, V200R005(C00SPC500&C01&C02)
	S5710HI	V200R003C00, V200R005(C00&C02&C03)
	S5720HI	V200R006C00, V200R007(C00&C10), V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00
	S5730HI	V200R012C00
	S5730SI	V200R011C10, V200R012C00
	S5730S-EI	V200R011C10, V200R012C00
S6700	S6700EI	V100R006C00, V200R001(C00&C01), V200R002C00, V200R003C00, V200R005(C00&C01&C02)
	S6720LI and S6720S-LI	V200R011C00, V200R011C10, V200R012C00
	S6720SI and S6720S-SI	V200R011C00, V200R011C10, V200R012C00
	S6720EI	V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00
	S6720S-EI	V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00
	S6720HI	V200R012C00

Feature Limitations

In V200R011C10 and earlier versions, the attack source tracing function does not take effect on IPv6 packets.
The user-level rate limiting is available in the S6720HI, S5730HI and S5720HI of V200R009 and later versions.
When packets match both user-level rate limiting rules and user-defined flow rules, the rate of these packets is limited based on the smaller rate limit value.
It is recommended that you disable user-level rate limiting on the network-side interfaces of an access switch and a gateway switch. The user-level rate limiting is enabled on interfaces by default.
S1720GFR, S2720, S2750, S5700SI, S5700LI, and S5700S-LI do not support the port attack defense function

Mohamed_Mostafa · Created Jan 13, 2019 09:09:30

Dear ,
What is your device model and software version?

Batrick · Created Jan 13, 2019 09:09:59

I think it is hardware limiting provide us with the model and version

Skynet_india · Created Jan 13, 2019 09:11:21

Posted by Mohamed_Mostafa at 2019-01-13 09:09 Dear ,What is your device model and software version?

hi

Huawei Versatile Routing Platform Software
VRP (R) software, Version 5.170 (S6720 V200R010C00SPC600)
Copyright (C) 2000-2016 HUAWEI TECH CO., LTD
HUAWEI S6720-30C-EI-24S-AC Routing Switch uptime is 0 week, 1 day, 15 hours, 7 minutes

ES5D2S26Q002 0(Master) : uptime is 0 week, 1 day, 15 hours, 6 minutes
DDR Memory Size : 2048 M bytes
FLASH Memory Size : 446 M bytes
Pcb Version : VER.B
BootROM Version : 020a.0001
BootLoad Version : 020a.0001
CPLD Version : 0108
Software Version : VRP (R) Software, Version 5.170 (V200R010C00SPC600)
PWR1 information
Pcb Version : PWR VER.A
FAN1 information
Pcb Version : NA

Batrick · Created Jan 13, 2019 09:12:28

yes it is hardware limiting refer to documentation .

Abulaynain · Created Jan 13, 2019 09:15:20

Posted by Batrick at 2019-01-13 03:12 yes it is hardware limiting refer to documentation .

Does that mean that the cpu defend policy accept only car configuration for this switch!!

Batrick · Created Jan 13, 2019 09:16:53

check the documentation and then we can talk

Fathy · Created Jan 13, 2019 09:19:34

this is informationail Notice that Policy can be applied to Main Board Board Only (MPU) .

please review Feature Limitations from Product Document according to your specific Model and version .

Below is a Sample for S7700 :

Licensing Requirements
Local attack defense is a basic feature of a switch and is not under license control.

Version Requirements
Table 1 Products and versions supporting local attack defense
Product

Product Model

Software Version

S7700
S7703, S7706 and S7712

V100R003C01, V100R006C00, V200R001(C00&C01), V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C10

S9700
S9703, S9706 and S9712

V200R001(C00&C01), V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007(C00&C10), V200R008C00, V200R009C00, V200R010C00, V200R011C10

NOTE:
To know details about software mappings, see Hardware Query Tool.
Feature Limitations
In V200R009C00 and earlier versions, the attack source tracing function does not take effect on IPv6 packets.

The user-level rate limiting is available in the X series cards of V200R009 and later versions.
It is recommended that you disable user-level rate limiting on the network-side interfaces of an access switch and a gateway switch. The user-level rate limiting is enabled on interfaces by default.

The packets destined for the local switch are sent to the CPU. After functions related to some protocols such as BGP, OSPF, and LACP are enabled, packets of these protocols are also sent to the CPU. If packets sent to the CPU match both CPCAR and a traffic classification rule in a traffic policy, but the actions to be taken conflict with each other, CPCAR takes effect.

https://support.huawei.com/hedex/pages/EDOC100017784331189655/05/EDOC100017784331189655/05/resources/dc/dc_s_cfg_LocalAttackDefense_notes.html?ft=0&fe=10&hib=11.4.13.4.2&id=dc_s_cfg_LocalAttackDefense_notes_2&text=Licensing%20Requirements%20and%20Limitations%20for%20Local%20Attack%20Defense&docid=EDOC1000177843

Mohamed_Mostafa · Created Jan 13, 2019 09:21:22

Licensing Requirements and Limitations for Local Attack Defense

Involved Network Elements

Other network elements are not required.

Licensing Requirements

Configuration commands of local attack defense are available only after the S1720GW, S1720GWR, and S1720X have the license (WEB management to full management Electronic RTU License) loaded and activated and the switches are restarted. Configuration commands of local attack defense on other models are not under license control.

For details about how to apply for a license, see Applying for Licenses in the S1720, S5700, and S6720 Series Switches License Usage Guide.

Version Requirements

**Table 1** Products and versions supporting local attack defense
Product	Product Model	Software Version
S1700	S1720GFR	V200R006C10, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00
	S1720GW and S1720GWR	V200R010C00, V200R011C00, V200R011C10, V200R012C00
	S1720GW-E and S1720GWR-E	V200R010C00, V200R011C00, V200R011C10, V200R012C00
	S1720X and S1720X-E	V200R011C00, V200R011C10, V200R012C00
	Other S1700 models	Models that cannot be configured using commands. For details about features and versions, see S1700 Documentation Bookshelf.
S2700	S2700SI	V100R005C01, V100R006(C00&C01&C03&C05)
	S2700EI	V100R005C01, V100R006(C00&C01&C03&C05)
	S2710SI	V100R006(C03&C05)
	S2720EI	V200R006C10, V200R009C00, V200R010C00, V200R011C10, V200R012C00
	S2750EI	V200R003C00, V200R005C00SPC300, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00
S3700	S3700SI and S3700EI	V100R005C01, V100R006(C00&C01&C03&C05)
S3700	S3700HI	V100R006C01, V200R001C00
S5700	S5700LI	V200R001C00, V200R002C00, V200R003(C00&C02&C10), V200R005C00SPC300, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00
	S5700S-LI	V200R001C00, V200R002C00, V200R003C00, V200R005C00SPC300, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00
	S5710-C-LI	V200R001C00
	S5710-X-LI	V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00
	S5700SI	V100R005C01, V100R006C00, V200R001C00, V200R002C00, V200R003C00, V200R005C00
	S5700EI	V100R005C01, V100R006(C00&C01), V200R001(C00&C01), V200R002C00, V200R003C00, V200R005(C00&C01&C02&C03)
	S5710EI	V200R001C00, V200R002C00, V200R003C00, V200R005(C00&C02)
	S5720EI	V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00
	S5720LI and S5720S-LI	V200R010C00, V200R011C00, V200R011C10, V200R012C00
	S5720SI and S5720S-SI	V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00
	S5720I-SI	V200R012C00
	S5700HI	V100R006C01, V200R001(C00&C01), V200R002C00, V200R003C00, V200R005(C00SPC500&C01&C02)
	S5710HI	V200R003C00, V200R005(C00&C02&C03)
	S5720HI	V200R006C00, V200R007(C00&C10), V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00
	S5730HI	V200R012C00
	S5730SI	V200R011C10, V200R012C00
	S5730S-EI	V200R011C10, V200R012C00
S6700	S6700EI	V100R006C00, V200R001(C00&C01), V200R002C00, V200R003C00, V200R005(C00&C01&C02)
	S6720LI and S6720S-LI	V200R011C00, V200R011C10, V200R012C00
	S6720SI and S6720S-SI	V200R011C00, V200R011C10, V200R012C00
	S6720EI	V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00
	S6720S-EI	V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00
	S6720HI	V200R012C00

Feature Limitations

In V200R011C10 and earlier versions, the attack source tracing function does not take effect on IPv6 packets.
The user-level rate limiting is available in the S6720HI, S5730HI and S5720HI of V200R009 and later versions.
When packets match both user-level rate limiting rules and user-defined flow rules, the rate of these packets is limited based on the smaller rate limit value.
It is recommended that you disable user-level rate limiting on the network-side interfaces of an access switch and a gateway switch. The user-level rate limiting is enabled on interfaces by default.
S1720GFR, S2720, S2750, S5700SI, S5700LI, and S5700S-LI do not support the port attack defense function

Skynet_india · Created Jan 13, 2019 09:23:05

Local attack defense is a basic feature of a switch and is not under license control.

Enterprise

Consumer

Corporate

Carriers

Attack

Licensing Requirements and Limitations for Local Attack Defense

Involved Network Elements

Licensing Requirements

Version Requirements

Feature Limitations

Licensing Requirements and Limitations for Local Attack Defense

Involved Network Elements

Licensing Requirements

Version Requirements

Feature Limitations

Third Party’s Trade Secret