To Next Page

To Previous Page

1064

Default

IPv6 address-specific ICMPv6 flood attack detection is not configured.

Views

Attack defense policy view

Predefined user roles

network-admin

Parameters

Ipv6-address: Specifies the IPv6 address to be protected.

vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the protected IPv6

address belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters.

Do not specify this option if the protected IPv6 address is on the public network.

threshold threshold-value: Specifies the threshold for triggering ICMPv6 flood attack prevention.

The value range is 1 to 1000000 in units of ICMPv6 packets sent to the specified IP address per

second.

action: Specifies the actions when an ICMPv6 flood attack is detected. If no action is specified, the

global actions set by the icmpv6-flood action command apply.

drop: Drops subsequent ICMPv6 packets destined for the protected IPv6 address.

logging: Enables logging for ICMPv6 flood attack events.

none: Takes no action.

Usage guidelines

With ICMPv6 flood attack detection configured for an IPv6 address, the device is in attack detection

state. When the sending rate of ICMPv6 packets to the IPv6 address reaches the threshold, the

device enters prevention state and takes the specified actions. When the rate is below the silence

threshold (three-fourths of the threshold), the device returns to the attack detection state.

Examples

# Configure ICMPv6 flood attack detection for 2012::12 in the attack defense policy atk-policy-1.

<Sysname> system-view

[Sysname] attack-defense policy atk-policy-1

[Sysname-attack-defense-policy-atk-policy-1] icmpv6-flood detect ipv6 2012::12 threshold

2000

Related commands

icmpv6-flood action

icmpv6-flood detect non-specific

icmpv6-flood threshold

icmpv6-flood detect non-specific

Use icmpv6-flood detect non-specific to enable global ICMPv6 flood attack detection.

Use undo icmpv6-flood detect non-specific to disable global ICMPv6 flood attack detection.

Syntax

icmpv6-flood detect non-specific

undo icmpv6-flood detect non-specific

Other manuals for H3C MSR Series

Manual33 pages

Probe Command Reference28 pages

Configuration Guide80 pages

Troubleshooting Guide28 pages

User Guide26 pages

Questions and Answers:

Need help?

Do you have a question about the H3C MSR Series and is the answer not in the manual?

H3C MSR Series Specifications

General

Category	Network Router
IPv6 Support	Yes
Dimensions	Varies by model
Weight	Varies by model
Product Type	Modular Router
Ports	Varies by model
WAN Interfaces	Varies by model
Firewall	Yes
QoS	Yes
Wireless Support	Varies by model
USB Ports	Varies by model
Console Port	Yes
Power Supply	Varies by model
Redundancy	Varies by model
Operating Temperature	0°C to 45°C
Storage Temperature	-40°C to 70°C
Humidity	5% to 95% non-condensing
Series	MSR
Certifications	CE, FCC, RoHS