< Home

deception decoy

Function

The deception decoy command sets a Decoy IP address.

The undo deception decoy command deletes a Decoy IP address.

Format

deception decoy destination destination-ip [ source source-ip ] [ vpn-instance vpn-instance-name ] [ backup destination destination-ip [ source source-ip ] [ vpn-instance vpn-instance-name ] ]

undo deception decoy

Parameters

Parameter Description Value

source source-ip

Specifies the IP address used by a DecoySensor to connect to a Decoy.

The value is in dotted decimal notation.

destination destination-ip

Specifies a Decoy IP address.

The value is in dotted decimal notation.

vpn-instance vpn-instance-name

Specifies the VPN instance of the Decoy IP address.

The VPN instance must be an existing one on the device.

backup

Indicates the backup Decoy.

-

Views

Deception view

Default Level

2: Configuration level

Usage Guidelines

The deception view of virtual systems does not support this command.

A DecoySensor support two Decoys, one master and the other backup. If communication between the DecoySensor and master Decoy is abnormal, the DecoySensor sends the log and deceived traffic to the backup Decoy that can communicate with the DecoySensor.

The DecoySensor does not support master/backup deployment. Therefore, the address of the VRRP group cannot be used as the source address for connecting to the Decoy.

Example

# Set the Decoy IP address to 1.1.1.1.

<FW> system-view
[FW] deception
[FW-deception] deception decoy destination 1.1.1.1
Parent Topic: Network Deception Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >