The deception detect-network command configures a network segment to be detected by the deception system.
The undo deception detect-network command deletes a detected network segment.
deception detect-network [ id id-number ] ip-address mask [ vpn-instance vpn-instance-name ]
undo deception detect-network { all | id id-number }
| Parameter | Description | Value |
|---|---|---|
| id id-number | Specifies the ID of a detected network segment. | The value is an integer ranging from 1 to 50. |
| ip-address | Specifies the IP address of the detected network segment. | The value is in dotted decimal notation. |
| mask | Specifies the mask of the detected network segment. | The value is in dotted decimal notation. |
| vpn-instance vpn-instance-name | Specifies the VPN instance of the detected network segment. | The VPN instance must be an existing one on the device. The deception view of virtual systems does not support this parameter. |
| all | Indicates that all network segments are detected for deception. | - |
By default, no network segment is detected for deception.
The detected network segment is protected by the deception system. Only packets whose source or destination IP address is in the detected network segment can be sent to the deception system for inspection or deception. If a decoy network segment is configured, you do not need to add the IP addresses in that segment to the detected network segments. Scanning of IP addresses in the decoy network segment immediately triggers deception.
The number of IP addresses on all detected network segments cannot exceed 10240.
Before deleting a detected network segment, you can run the display deception detect-network command or run the display this command in the deception view to view the ID of the detected network segment.
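The limits stated above (ID from 1 to 50, mask in dotted decimal notation, at most 10240 addresses across all detected network segments) can be checked on a planned segment list before the commands are entered. The following Python script is an added example, not part of the vendor documentation; the function name plan_detect_networks, the sample segments and the VPN instance name are constructed, and it assumes that every address in a segment counts toward the limit and that an ID identifies a single segment.

```python
import ipaddress

MAX_TOTAL_ADDRESSES = 10240  # page: limit across all detected network segments
ID_RANGE = range(1, 51)      # page: id-number is an integer from 1 to 50


def plan_detect_networks(segments):
    """Validate planned segments; return (CLI lines, total address count).
    segments: list of (id_number or None, ip_address, mask, vpn_instance or None).
    Raises ValueError when a limit stated on the page is violated.
    """
    seen_ids, total, lines = set(), 0, []
    for seg_id, ip, mask, vpn in segments:
        # strict=True rejects an address that has host bits set for this mask.
        net = ipaddress.IPv4Network(f"{ip}/{mask}", strict=True)
        # ipaddress also accepts prefix lengths and host masks (0.0.0.255);
        # the command takes a dotted decimal mask, so require an exact match.
        if str(net.netmask) != mask:
            raise ValueError(f"{mask} is not a dotted decimal network mask")
        if seg_id is not None:
            if seg_id not in ID_RANGE:
                raise ValueError(f"id {seg_id} is outside 1-50")
            if seg_id in seen_ids:  # assumption: one ID per segment
                raise ValueError(f"id {seg_id} is used twice")
            seen_ids.add(seg_id)
        # Assumption: every address in a segment counts toward the limit.
        total += net.num_addresses
        if total > MAX_TOTAL_ADDRESSES:
            raise ValueError(f"{total} addresses exceed {MAX_TOTAL_ADDRESSES}")
        cmd = "deception detect-network"
        if seg_id is not None:
            cmd += f" id {seg_id}"
        cmd += f" {net.network_address} {net.netmask}"
        if vpn:
            cmd += f" vpn-instance {vpn}"
        lines.append(cmd)
    return lines, total


# Constructed sample plan; the addresses and the VPN instance name are made up.
SAMPLE_PLAN = [
    (1, "10.1.0.0", "255.255.248.0", None),         # 2048 addresses
    (2, "10.2.0.0", "255.255.240.0", "vpn_a"),      # 4096 addresses
    (None, "192.168.10.0", "255.255.255.0", None),  # 256 addresses, ID omitted
]

if __name__ == "__main__":
    commands, count = plan_detect_networks(SAMPLE_PLAN)
    print("\n".join(commands + [f"total addresses: {count}"]))
```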