R3102-R3103-HP 6600/HSR6600 Routers Security Configuration Guide

Verifying the configuration
Use the display blacklist all command to view the added blacklist entries.
[Router] display blacklist all
Blacklist information
-------------------------------------------------------------------------
Blacklist : enabled
Blacklist items : 2
------------------------------------------------------------------------------
IP              Type   Aging started       Aging finished      Dropped packets
                       YYYY/MM/DD hh:mm:ss YYYY/MM/DD hh:mm:ss
Total blacklist items on slot 0 : 2
5.5.5.5         manual 2008/04/09 16:02:20 Never               0
192.168.1.4     manual 2008/04/09 16:02:26 2008/04/09 16:52:26 0
After the configuration takes effect, the router should:
• Always drop packets from Host D unless you delete Host D's IP address from the blacklist by using the undo blacklist ip 5.5.5.5 command.
• Within 50 minutes, drop packets received from Host C.
• After 50 minutes, correctly forward packets received from Host C.
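The verification above can be scripted. The following Python code is an added example, not part of the HP guide: it parses captured display blacklist all output and checks that each entry has the intended aging time. The function names and the assumption that the output has been saved as text are the example's own.

```python
import re
from datetime import datetime, timedelta

# Entry lines copied from the display blacklist all output on this page.
SAMPLE = """\
Blacklist : enabled
Total blacklist items on slot 0 : 2
5.5.5.5 manual 2008/04/09 16:02:20 Never 0
192.168.1.4 manual 2008/04/09 16:02:26 2008/04/09 16:52:26 0
"""

TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}"
ENTRY = re.compile(
    rf"^(?P<ip>\d+(?:\.\d+){{3}})\s+(?P<type>\S+)\s+(?P<start>{TS})\s+"
    rf"(?P<end>Never|{TS})\s+(?P<dropped>\d+)$")
FMT = "%Y/%m/%d %H:%M:%S"


def parse_blacklist(text):
    """Return {ip: entry}; lifetime is None for entries that never age out."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # banner, separator, header and summary lines
        start = datetime.strptime(m["start"], FMT)
        end = None if m["end"] == "Never" else datetime.strptime(m["end"], FMT)
        entries[m["ip"]] = {
            "type": m["type"], "start": start, "end": end,
            "lifetime": None if end is None else end - start,
            "dropped": int(m["dropped"])}
    return entries


def check_expected(entries, expected):
    """expected maps IP -> timedelta, or None for a permanent entry."""
    problems = []
    for ip, lifetime in expected.items():
        if ip not in entries:
            problems.append(f"{ip}: missing from blacklist")
        elif entries[ip]["lifetime"] != lifetime:
            problems.append(f"{ip}: aging {entries[ip]['lifetime']}, expected {lifetime}")
    for ip in sorted(entries.keys() - expected.keys()):
        problems.append(f"{ip}: unexpected blacklist entry")
    return problems


if __name__ == "__main__":
    want = {"5.5.5.5": None, "192.168.1.4": timedelta(minutes=50)}
    print(check_expected(parse_blacklist(SAMPLE), want) or "blacklist matches intent")
```

An entry that is missing, has a different aging time, or was not expected is reported, which also catches a permanent entry that was meant to be temporary.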
Traffic statistics configuration example
Network requirements
As shown in Figure 242, configure traffic statistics in the outbound direction of GigabitEthernet 3/0/1,
and configure UDP flood attack protection to protect the internal server against external UDP flood
attacks.
Figure 242 Network diagram
Configuration procedure
# Configure IP addresses for interfaces. (Details not shown.)
# Create attack protection policy 1.
<Router> system-view
[Router] attack-defense policy 1
# Enable UDP flood attack protection.
[Router-attack-defense-policy-1] defense udp-flood enable
# Set the global action threshold for UDP flood attack protection to 100 packets per second.
[Router-attack-defense-policy-1] defense udp-flood rate-threshold high 100
# Configure the policy to drop the subsequent packets once a UDP flood attack is detected.
[Router-attack-defense-policy-1] defense udp-flood action drop-packet
[Router-attack-defense-policy-1] quit