Got it

The blacklist does not take effect

148 0 1 0 0


This case describes the problem that the blacklist configured on the S7700 does not take effect.

Problem Description

We would like to deny ICMP-reply packets to

According to the documentation, we have configured the following:


acl 3100

  rule 5 deny IP source xx.xx.xx.xx destination


cpu-defend policy test

blacklist 1 acl 3100

auto-defend alarm enable

auto-defend action deny


cpu-defend-policy test global

cpu-defend-policy main-board

cpu-defend dynamic-car arp enable


After the configuration is complete, the device still responds to the ping requests to these addresses.

Root cause

The switch uses the X2E card. By default, the fast ICMP reply function is enabled on the device. In this case, the LPU can reply with ICMP packets without sending them to the CPU. Therefore, the blacklist does not take effect.


After fast ICMP reply function fast is disabled, packets are sent to the CPU and the blacklist takes effect.  

[HUAWEI] undo icmp-reply fast


If the fast ICMP  reply function is enabled, the blacklist function takes effect only when all LPUs except the X2E and X1E series LPUs use the CPU to send ICMP reply packets.

I hope this helps.

  • x
  • convention:


You need to log in to comment to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."

My Followers

Login and enjoy all the member benefits


Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Please bind your phone number to obtain invitation bonus.