R2511-HP MSR Router Series Security Configuration Guide(V5)

ManualsBrandsHP ManualsNetwork HardwareHP MSR1003-8 AC Router

Configuration guidelines ···································································································································· 411

Configuration procedure ···································································································································· 412

Configuring IP source guard ·································································································································· 413

Overview ······································································································································································· 413

Static IP source guard binding entries ··············································································································· 413

Dynamic IP source guard binding entries ········································································································· 414

IPv4 source guard configuration task list ··················································································································· 414

Configuring IPv4 source guard ··································································································································· 414

Enabling IPv4 source guard on a port ·············································································································· 415

Configuring a static IPv4 source guard binding entry····················································································· 416

Setting the maximum number of IPv4 source guard binding entries ····························································· 416

Displaying and maintaining IP source guard ············································································································ 417

Static IPv4 source guard binding entry configuration example ·············································································· 417

Dynamic IPv4 source guard using DHCP snooping configuration example·························································· 419

Troubleshooting IP source guard ································································································································ 420

Configuring attack detection and protection ········································································································ 421

Types of network attacks the device can defend against ··············································································· 421

Blacklist function ·················································································································································· 423

Traffic statistics function ······································································································································ 423

Attack detection and protection configuration task list ···························································································· 424

Configuring attack protection functions for an interface ························································································· 425

Creating an attack protection policy ················································································································· 425

Configuring an attack protection policy ··········································································································· 425

Applying an attack protection policy to an interface ······················································································ 428

Configuring the blacklist function ······························································································································· 429

Enabling traffic statistics on an interface ··················································································································· 429

Displaying and maintaining attack detection and protection ················································································· 430

Attack detection and protection configuration examples ························································································ 430

Attack protection functions on interfaces configuration example ··································································· 430

Blacklist configuration example ························································································································· 432

Traffic statistics configuration example ············································································································· 433

Configuring TCP attack protection ························································································································· 436

Enabling the SYN Cookie feature ······························································································································ 436

Enabling protection against Naptha attacks ············································································································· 437

Displaying and maintaining TCP attack protection ·································································································· 437

Configuring connection limits ································································································································· 438

Connection limit configuration task list ······················································································································ 438

Creating a connection limit policy ····························································································································· 438

Configuring the connection limit policy ····················································································································· 438

Configuring the default connection limit action and parameters ··································································· 438

Configuring an ACL-based connection limit rule ····························································································· 439

Applying the connection limit policy ·························································································································· 440

Displaying and maintaining connection limiting ······································································································ 440

Troubleshooting connection limiting ··························································································································· 440

Symptom ······························································································································································· 440

Analysis ································································································································································ 441

Solution ································································································································································· 441

Configuring password control ································································································································ 442