Applying an attack defense policy to an interface
An attack defense policy does not take effect unless you apply it to an interface.
If you apply an attack defense policy to a global interface, specify a traffic processing slot for the interface. If you do not specify a traffic processing slot, the policy cannot correctly detect and prevent scanning and flood attacks.
To apply an attack defense policy to an interface:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter system view. | interface interface-type interface-number | N/A |
3. Apply an attack defense policy to the interface. | attack-defense apply policy policy-name | By default, no attack defense policy is applied to the interface. |
4. (Optional.) Specify a traffic processing slot for the interface. | In standalone mode:service slot slot-number In IRF mode:service chassis chassis-number slot slot-number | By default, no traffic processing slot is specified for an interface. Traffic on an interface is processed on the slot at which the traffic arrives. |