The service-security binding command applies an MPAC policy to an interface.
The undo service-security binding command cancels the configuration.
By default, an MPAC policy is applied to an interface.
service-security binding { ipv4 | ipv6 } security-policy-name
undo service-security binding { ipv4 | ipv6 }
| Parameter | Description | Value |
|---|---|---|
| ipv4 | Specifies an IPv4 MPAC policy. | - |
| ipv6 | Specifies an IPv6 MPAC policy. | - |
| security-policy-name | Specifies the name of an MPAC policy. | The value is a string of 1 to 31 case-sensitive characters without spaces and must start with a letter. |
Ethernet interface view, Ethernet sub-interface view, Eth-Trunk interface view, Eth-Trunk sub-interface view
Usage Scenario
To protect the CPU against spoofed packets, configure an MPAC policy to filter packets to be sent to the CPU.
You can run the service-security binding command to apply an MPAC policy to an interface.
Prerequisites
An MPAC policy has been created using the service-security policy command.
# Create an IPv4 MPAC policy and apply the policy to an interface.
<sysname> system-view
[sysname] service-security policy ipv4 huawei
[sysname-service-sec-huawei] rule 5 permit protocol tcp source-port 1000 source-ip 127.1.1.1 0
[sysname-service-sec-huawei] quit
[sysname] interface GigabitEthernet 0/0/1
[sysname-GigabitEthernet0/0/1] service-security binding ipv4 huawei