R0106-HP MSR Router Series Security Command Reference(V7)
630
address. When the rate is below the silence threshold (three-fourths of the threshold), the device
considers that the threat is over and returns to the attack detection state.
Examples
# Configure ICMPv6 flood attack detection for 2012::12 in attack defense policy atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] icmpv6-flood detect ipv6 2012::12 threshold
2000
Related commands
• icmpv6-flood action
• icmpv6-flood detect non-specific
• icmpv6-flood threshold
icmpv6-flood detect non-specific
Use icmpv6-flood detect non-specific to enable ICMPv6 flood attack detection for non-specific IPv6
addresses.
Use undo icmpv6-flood detect non-specific to restore the default.
Syntax
icmpv6-flood detect non-specific
undo icmpv6-flood detect non-specific
Default
ICMPv6 flood attack detection is not enabled for non-specific IPv6 addresses.
Views
Attack defense policy view
Predefined user roles
network-admin
Usage guidelines
This command enables global ICMPv6 flood attack detection. It applies to all IPv6 addresses except for
those specified by the icmpv6-flood detect ipv6 command. The system uses the global trigger threshold
set by the icmpv6-flood threshold command and global actions specified by the icmpv6-flood action
command.
Examples
# Enable ICMPv6 flood attack detection for non-specific IPv6 addresses in attack defense policy
atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] icmpv6-flood detect non-specific
Related commands
• icmpv6-flood action
• icmpv6-flood detect ipv6