Got it
Huawei Enterprise Support Community
Community Forums Routing & Switching
T07-0303 CP CAR Attack So...

T07-0303 CP CAR Attack Source Tracing Test

Created: Feb 4, 2021 13:33:08Latest reply: Feb 5, 2021 02:08:25 274 5 0 0 0
  Rewarded HiCoins: 0 (problem resolved)
View the author 1#

Hello Dears

I was doing CP CAR of the interface card test based on the Huawei PAT document for AR2240

I can not select the slot to apply  cpu-defend-policy command on the router  and when I select global for slot  part 

the pc  ping  the router even though  the cpu-defend -policy-ww is applied to  globally 

testing out put

this is for test purpose only ( no private information is included here)


I attached below the test  procedure and expected result , why is the  test not working because I the ping is successful eventhough I  put CPU attack defense policy on The router ?



Objective

To test CP CAR of the Interface Card.

Networking   diagram

CP CAR of the Interface Card Test


Prerequisites

The PC is connected to Router A according to the networking   diagram, and Router A is to be tested.

Test   procedure

Configure the CPU attack defense   policy on Router A.

<Huawei> system-view

[Huawei] sysname RouterA

[RouterA] cpu-defend policy ww

[RouterA-cpu-defend-policy-ww] deny packet-type icmp

[RouterA-cpu-defend-policy-ww] quit

Apply the policy to the   interface card.

[RouterA] cpu-defend-policy ww  slot 2

Configure a network connection   between Router A and the PC.

[RouterA]   vlan 10                                                                                                                    

[RouterA-vlan10] quit

[RouterA] interface   Vlanif 10          

[RouterA-Vlanif10] ip address 131.131.131.1 24                                                                                       

[RouterA-Vlanif10] quit 

[RouterA] interface   GigabitEthernet 4/0/1

[RouterA-Ethernet2/0/0] port link-type access

[RouterA-Ethernet2/0/0] port default vlan 10

[RouterA-Ethernet2/0/0] quit

Ping VLANIF 10 address   131.131.131.1 on Router A from the PC. Expected result 1 is displayed.

Unbind the attack defense policy from Router A.

[RouterA] undo cpu-defend-policy slot 2  ( 

Ping VLANIF 10 address   131.131.131.1 on Router A from the PC. Expected result 2 is displayed.

Expected   results

The PC fails to ping   131.131.131.1.

The PC pings 131.131.131.1 successfully.

Remarks

None.

Internal   number

T07-0301


SO my question is how can I apply the policy on the slot   or globally to get the Expected results



Thanks



CP CAR of the Interface Card Test

Like (0) Dislike (0) Favorite(0) Share Report
Previous: Interface-based Transparent Transmission of Layer 2 Protocol Packets
Next: NE40E-X8A Air Filter specifications
Featured Answers

Recommended answer

(1) (0)
chenhui
Admin Created Feb 4, 2021 14:02:59

Hi,
What is your slot 3, 4 and 6 model? From the error you uploaded, it seems that these cards doesn't support the independent CPU defend policy. Please apply the defend policy globally. You can apply the defend policy without the option parameters. Please refer to the example below:
[Huawei] cpu-defend-policy test //the attack defense policy is applied on the main control board.
View more
  • x
  • convention:

Berakia
Berakia Created Feb 4, 2021 19:55:35 (0) (0)
I applied the defend policy globally but in the expected result, the Pc ping the router, even though I applied the policy ?? in both cases the pc ping without failing?  
All Answers
(0) (0)
2#
liqiang185
liqiang185 Admin Created Feb 4, 2021 13:33:52

Dear friend!
Please rest assured that we'll be back with an answer shortly.
View more
  • x
  • convention:
(1) (0)
3#
chenhui
chenhui Admin Created Feb 4, 2021 14:02:59

Hi,
What is your slot 3, 4 and 6 model? From the error you uploaded, it seems that these cards doesn't support the independent CPU defend policy. Please apply the defend policy globally. You can apply the defend policy without the option parameters. Please refer to the example below:
[Huawei] cpu-defend-policy test //the attack defense policy is applied on the main control board.
View more
  • x
  • convention:

Berakia
Berakia Created Feb 4, 2021 19:55:35 (0) (0)
I applied the defend policy globally but in the expected result, the Pc ping the router, even though I applied the policy ?? in both cases the pc ping without failing?  
(0) (0)
4#
chenhui
chenhui Admin Created Feb 5, 2021 02:08:25

Hi @Berakia
Can you please provide your AR2240 firmware version, and the card model for slot 3, 4 and 6.
View more
  • x
  • convention:

Berakia
Berakia Created Feb 8, 2021 07:34:52 (0) (0)
Hi@Chenhui

VRP (R) software, Version 5.170 (AR2200 V200R009C00SPC500)
Copyright (C) 2011-2018 HUAWEI TECH CO., LTD
Huawei AR2240 Router uptime is 0 week, 0 day, 1 hour, 6 minutes
BKP 0 version information:
1. PCB Version : AR01BAK2B VER.A
2. If Supporting PoE : Yes
3. Board Type : AR2240
4. MPU Slot Quantity : 1
5. LPU Slot Quantity : 8

MPU 11(Master) : uptime is 0 week, 0 day, 1 hour, 3 minutes
SDRAM Memory Size : 2048 M bytes
Flash 0 Memory Size : 16 M  
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.