R3303-HP HSR6800 Routers Security Configuration Guide

Figure 130 Network diagram
Configuration procedure
# Configure IP addresses for interfaces. (Details not shown.)
# Enable the blacklist function.
<Router> system-view
[Router] blacklist enable
# Add Host D's IP address 5.5.5.5 to the blacklist without configuring an aging time for it.
[Router] blacklist ip 5.5.5.5
# Add Host C's IP address 192.168.1.4 to the blacklist and configure the aging time as 50 minutes.
[Router] blacklist ip 192.168.1.4 timeout 50
Verifying the configuration
# Execute the display blacklist all command to display the added blacklist entries.
[Router] display blacklist all
Blacklist information
-------------------------------------------------------------------------
Blacklist : enabled
Blacklist items : 2
------------------------------------------------------------------------------
IP              Type   Aging started       Aging finished      Dropped packets
                       YYYY/MM/DD hh:mm:ss YYYY/MM/DD hh:mm:ss
Total blacklist items on slot 0 : 2
5.5.5.5         manual 2008/04/09 16:02:20 Never               0
192.168.1.4     manual 2008/04/09 16:02:26 2008/04/09 16:52:26 0
After the configuration takes effect, the router should:
• Always drop packets from Host D unless you delete Host D's IP address from the blacklist by using the undo blacklist ip 5.5.5.5 command.
• Drop packets received from Host C for 50 minutes.
• Forward packets received from Host C normally once the 50 minutes have elapsed.
[Figure 130 labels: Internet; Router with interfaces GE3/0/2 and GE3/0/1 (202.1.0.1/16, 192.168.1.1/16); Host A; Host B; Host C (192.168.1.4/16); Host D, the attacker (5.5.5.5/24).]