[Huawei]cpu-defend policy p2 //进入防攻击策略视图
[Huawei-cpu-defend-policy-p2]auto-defend enable //使能攻击溯源功能
[Huawei-cpu-defend-policy-p2]auto-defend threshold 60 //配置攻击溯源检查阈值,缺省为60pps
[Huawei-cpu-defend-policy-p2]auto-defend attack-packet sample 5 //配置攻击溯源的采样比,缺省为5
[Huawei-cpu-defend-policy-p2]auto-defend trace-type source-ip //配置攻击溯源的溯源模式,缺省为基于源IP地址和基于源MAC地址
[Huawei-cpu-defend-policy-p2]auto-defend trace-type source-mac
[Huawei-cpu-defend-policy-p2]auto-defend trace-type source-portvlan
[Huawei-cpu-defend-policy-p2]auto-defend protocol all //配置攻击溯源防范的报文类型,缺省为8021X、ARP、DHCP、ICMP、IGMP、TCP、Telnet
[Huawei-cpu-defend-policy-p2]auto-defend whitelist 1 acl 2000 //配置攻击溯源的白名单
[Huawei-cpu-defend-policy-p2]auto-defend whitelist 1 interface GigabitEthernet 0/0/1
[Huawei-cpu-defend-policy-p2]auto-defend alarm enable //使能攻击溯源事件上报功能
[Huawei-cpu-defend-policy-p2]auto-defend threshold 60 //配置攻击溯源事件上报阈值,缺省为60pps
[Huawei-cpu-defend-policy-p2]auto-defend action deny //使能攻击溯源的惩罚功能,并指定惩罚措施
[Huawei-cpu-defend-policy-p2]auto-defend action error-down
[Huawei]cpu-defend-policy p2 global //应用防攻击策略
[Huawei]display auto-defend attack-source //查看攻击源信息
[Huawei]display auto-defend configuration //查看防攻击策略的攻击溯源配置信息
