[x]

Configuring an attack defense policy > Applying an attack defense policy to an interface

 

 Next

Applying an attack defense policy to an interface

An attack defense policy does not take effect unless you apply it to an interface.

If you apply an attack defense policy to a global interface, specify a service card to process traffic for the interface. If you do not specify a service card, the policy cannot correctly detect and prevent scanning and flood attacks.

To apply an attack defense policy to an interface:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enter system view.

interface interface-type interface-number

N/A

3. Apply an attack defense policy to the interface.

attack-defense apply policy policy-name

By default, no attack defense policy is applied to the interface.

4. (Optional.) Specify a traffic processing slot for the interface.

  • Distributed devices–centralized IRF devices–in standalone mode:service [ standby ] slot slot-number

  • Distributed devices–in IRF mode:service [ standby ] chassis chassis-number slot slot-number

By default, no traffic processing slot is specified for an interface. Traffic on an interface is processed on the slot at which the traffic arrives.

prev

 

up

 next

Configuring attack detection exemption 

home

 Applying an attack defense policy to the device

© Copyright 2017 Hewlett Packard Enterprise Development LP