< Home

anti-ddos hardware defend enable

Function

The anti-ddos hardware defend enable command enables the hardware-based defense function.

The undo anti-ddos hardware defend enable command disables the hardware-based defense function.

Format

anti-ddos hardware defend enable

undo anti-ddos hardware defend enable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Only the USG6610E/6620E, USG6630E/6650E, USG6635E/6655E support this command.

For USG6680E and USG6712E/6716E:
  • In versions earlier than V600R007C20SPC200, device support this command.
  • V600R007C20SPC200 and later versions, device batches are distinguished by BomID Version (which can be checked using the display version command), whose BomID Version is earlier than 003 and whose device BOM numbers does not contain "-001" support this command.

By default, the hardware-based defense function is enabled.

After the hardware-based defense function is enabled, attack traffic check and first-packet discarding for SYN packets can be performed on the hardware chip. To make the first-packet discarding function for SYN packets take effect, you also need to run the anti-ddos np-rule first-packet-check enable command.

Example

# Enable the hardware-based defense function.

<sysname> system-view
 [sysname] anti-ddos hardware defend enable
Parent Topic: DDoS Attack Defense Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >