In local anti-attack, if the ACL rules applied to a blacklist exceed specifications, how to process the excess


The ACL rules that exceed specifications do not continue to take effect in a blacklist.

Other related questions:
What can I do with excess ACL rules used by a blacklist in local attack defense
Excess ACL rules used by a blacklist do not take effect.

How to configure ARP anti-attack on an AR router
On a network, common ARP attack methods include ARP flooding and ARP spoofing. To avoid different types of harm caused by the ARP attacks, multiple types of solutions to the ARP security features are provided according to the attack types. By configuring ARP anti-flooding
and anti-spoofing, the maintenance cost arising from ensuring normal running of a network and security of network information can be effectively reduced, thereby providing users with a more secure network environment and more stable network services. For details about the configuration procedure, see the URL: AR100&AR120&AR150&AR160&AR200&AR1200& AR1600&AR2200&AR3200&AR3600 V200R007 Product Documentation.

How to configure port anti-attacking on S switch?
[HUAWEI] cpu-defend policy test //create the policy, the name is test [HUAWEI-cpu-defend-policy-test] auto-port-defend enable //open the function [HUAWEI-cpu-defend-policy-test] auto-port-defend protocol all //open the port anti-attacking protocol [HUAWEI-cpu-defend-policy-test] auto-port-defend protocol all threshold 64 //configure the threshold [HUAWEI-cpu-defend-policy-test] auto-port-defend sample 5 //sampling rate of protocol packets based on port defense [HUAWEI-cpu-defend-policy-test] auto-port-defend aging-time 500 //Configure the aging detection interval for port attack defense [HUAWEI-cpu-defend-policy-test] quit [HUAWEI] cpu-defend-policy test global //apply the policy

How to configure CPU anti-attacking on S switch?
[HUAWEI] cpu-defend policy test //create anti-attacking policy,the name is test [HUAWEI-cpu-defend-policy-test] car packet-type arp-request cir 120 //configure protocol packet limitation [HUAWEI-cpu-defend-policy-test] linkup-car packet-type ftp cir 5000 //configure dynamical link protection packet limitation [HUAWEI-cpu-defend-policy-test] quit [HUAWEI] cpu-defend-policy test global //apply the policy

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top