Manualshelf

R3303-HP 6600/HSR6600 Routers Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR6602-XG Router
501502503504505506507508509510
496
[Router] blacklist ip 5.5.5.5
# Add Host C's IP address 192.168.1.4 to the blacklist and configure the aging time as 50 minutes.
[Router] blacklist ip 192.168.1.4 timeout 50
Verifying the configuration
# Execute the display blacklist all command to display the added blacklist entries.
[Router] display blacklist all
Blacklist information
-------------------------------------------------------------------------
Blacklist : enabled
Blacklist items : 2
------------------------------------------------------------------------------
IP Type Aging started Aging finished Dropped packets
YYYY/MM/DD hh:mm:ss YYYY/MM/DD hh:mm:ss
Total blacklist items on slot 0 : 2
5.5.5.5 manual 2008/04/09 16:02:20 Never 0
192.168.1.4 manual 2008/04/09 16:02:26 2008/04/09 16:52:26 0
After the configuration takes effect, the router should:
Always drop packets from Host D unless you delete Host D's IP address from the blacklist by using
the undo blacklist ip 5.5.5.5 command.
Within 50 minutes, drop Host C's packets received.
After 50 minutes, correctly forward Host C's packets received.
Traffic statistics configuration example
Network requirements
As shown in Figure 242, configure traffic statistics in the outbound direction of GigabitEthernet 3/0/1,
and configure UDP flood attack protection to protect the internal server against external UDP flood
attacks.
Figure 242 Network diagram
Configuration procedure
# Configure IP addresses for interfaces. (Details not shown.)
# Create attack protection policy 1.
<Router> system-view
[Router] attack-defense policy 1
# Enable UDP flood attack protection.
[Router-attack-defense-policy-1] defense udp-flood enable
# Set the global action threshold for UDP flood attack protection to 100 packets per second.
[Router-attack-defense-policy-1] defense udp-flood rate-threshold high 100