The service-security global-binding command applies an MPAC policy globally on a device.
The undo service-security global-binding command cancels the configuration.
By default, an MPAC policy is not applied globally on a device.
service-security global-binding { ipv4 | ipv6 } security-policy-name
undo service-security global-binding { ipv4 | ipv6 }
| Parameter | Description | Value |
|---|---|---|
| ipv4 | Specifies IPv4 MPAC policies. | - |
| ipv6 | Specifies IPv6 MPAC policies. | - |
| security-policy-name | Specifies the name of an MPAC policy. | The value is a string of 1 to 31 case-sensitive characters without spaces and must start with a letter. |
Usage Scenario
To protect the CPU against spoofed packets, configure an MPAC policy to filter packets to be sent to the CPU.
You can run the service-security global-binding command to apply an MPAC policy globally on a device.
Prerequisites
An MPAC policy has been created using the service-security policy command.
# Create an IPv4 MPAC policy and apply the policy globally to a device.
<sysname> system-view
[sysname] service-security policy ipv4 huawei
[sysname-service-sec-huawei] rule 5 permit protocol tcp source-port 1000 source-ip 127.1.1.1 0
[sysname-service-sec-huawei] quit
[sysname] service-security global-binding 4 huawei