R0106-HP MSR Router Series Security Configuration Guide(V7)
462
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter attack defense policy
view.
attack-defense policy
policy-name
N/A
3. Configure attack detection
exemption.
exempt acl [ ipv6 ] { acl-number |
name acl-name }
By default, the attack defense policy
applies to all incoming packets.
Applying an attack defense policy to a Layer 3 interface
An attack defense policy does not take effect unless you apply it to a Layer 3 interface.
To apply an attack defense policy to a Layer 3 interface:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter Layer 3 interface view.
interface interface-type
interface-number
N/A
3. Apply an attack defense
policy to the interface.
attack-defense apply policy
policy-name
By default, no attack defense policy
is applied to the interface.
Applying an attack defense policy to the device
If you apply an attack defense policy to the device, the policy takes effect on packets destined for this
device.
Applying an attack defense policy to a device can improve the efficiency of processing attack packets
destined for the device.
If a device and its interfaces have attack defense policies applied, a packet destined for the device is
processed as follows:
1. The policy applied to the receiving interface processes the packet.
2. If the packet is not dropped by the receiving interface, the policy applied to the device processes
the packet.
Packets destined for the device and need fast forwarding can only be processed by the attack defense
policy applied to the device.
To apply an attack defense policy to the device:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Apply an attack defense
policy to the device.
attack-defense local apply policy
policy-name
By default, no attack defense policy
is applied to the device.