Applying an attack defense policy to the device

About applying an attack defense policy to the device

An attack defense policy applied to the device itself, rather than to its interfaces, inspects packets destined for the device and prevents attacks targeted at the device.

A switch uses hardware to implement packet forwarding and uses software to process packets if the packets are destined for the switch. The software does not provide any attack defense features, so you must apply an attack defense policy to the switch to prevent attacks aimed at the switch.

Applying an attack defense policy to a device can improve the efficiency of processing attack packets destined for the device.

If attack defense policies are applied both to the device and to its interfaces, a packet destined for the device is processed as follows:

  1. The policy applied to the receiving interface processes the packet.

  2. If the packet is not dropped by the receiving interface, the policy applied to the device processes the packet.

Procedure

  1. Enter system view.

    system-view

  2. Apply an attack defense policy to the device.

    attack-defense local apply policy policy-name

    By default, no attack defense policy is applied to the device.