Manualshelf

R3303-HP HSR6800 Routers Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR68xx Configure-to-Order Router Solution
401402403404405406407408409410
10
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter attack protection
policy view.
attack-defense policy
policy-number
N/A
3. Enable ICMP flood attack
protection.
defense icmp-flood enable Disabled by default.
4. Configure the global action
and silence thresholds for
ICMP flood attack
protection.
defense icmp-flood rate-threshold
high rate-number [ low
rate-number ]
Optional.
By default, the action threshold is
1000 packets per second and the
silence threshold is 750 packets per
second.
5. Configure the action and
silence thresholds for ICMP
flood attack protection of a
specific IP address.
defense icmp-flood ip ip-address
rate-threshold high rate-number
[ low rate-number ]
Optional.
Not specifically configured for an IP
address by default.
6. Configure the device to drop
ICMP flood attack packets.
defense icmp-flood action
drop-packet
Optional.
By default, the device does not
process the attack packets if it
detects an attack.
To configure a UDP flood attack protection policy:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter attack protection
policy view.
attack-defense policy
policy-number
N/A
3. Enable UDP flood attack
protection.
defense udp-flood enable Disabled by default.
4. Configure the global action
and silence thresholds for
UDP flood attack protection.
defense udp-flood rate-threshold
high rate-number [ low
rate-number ]
Optional.
By default, the action threshold is
1000 packets per second and the
silence threshold is 750 packets per
second.
5. Configure the action and
silence thresholds for UDP
flood attack protection for a
specific IP address.
defense udp-flood ip ip-address
rate-threshold high rate-number
[ low rate-number ]
Optional.
Not configured by default.
6. Configure the device to drop
UDP flood attack packets.
defense udp-flood action
drop-packet
Optional.
By default, the device does not
process the attack packets if it
detects an attack.
Applying an attack protection policy to an interface
To make a configured attack protection policy take effect, you need to apply the policy to a specific
interface.