R2511-HP MSR Router Series Security Configuration Guide(V5)

ManualsBrandsHP ManualsNetwork HardwareHP MSR1003-8 AC Router

441

442

443

444

445

446

447

448

449

450

430

Ste

Command

Remarks

2. Enter interface view.

interface interface-type

interface-number

N/A

3. Enable traffic statistics on the

interface.

flow-statistics enable

{ destination-ip | inbound |

outbound | source-ip }

Disabled by default.

Displaying and maintaining attack detection and

protection

Task Command

Remarks

Display the attack protection

statistics of an interface.

display attack-defense statistics interface

interface-type interface-number [ | { begin |

exclude | include } regular-expression ]

Available in any view.

Display configuration information

about one or all attack protection

policies.

display attack-defense policy

[ policy-number ] [ | { begin | exclude |

include } regular-expression ]

Available in any view.

Display information about blacklist

entries.

display blacklist { all | ip sour-address } [ |

{ begin | exclude | include }

regular-expression ]

Available in any view.

Display the traffic statistics of an

interface.

display flow-statistics statistics interface

interface-type interface-number { inbound |

outbound } [ | { begin | exclude | include }

regular-expression ]

Available in any view.

Display the interface traffic

statistics based on IP addresses.

display flow-statistics statistics

{ destination-ip dest-ip-address | source-ip

src-ip-address } [ vpn-instance

vpn-instance-name ] [ | { begin | exclude |

include } regular-expression ]

Available in any view.

Clear attack protection statistics

information about an interface.

reset attack-defense statistics interface

interface-type interface-number

Available in user view.

Attack detection and protection configuration

examples

Attack protection functions on interfaces configuration example

Network requirements

As shown in Figure 139, GigabitEthernet 1/1 is connected with the internal network, GigabitEthernet

1/2 is connected to the external network, and GigabitEthernet 1/3 is connected with an internal server.

Protect internal hosts against Smurf attacks and scanning attacks from the external network. Protect the

internal server against SYN flood attacks from the external network. To meet the requirements, perform

the following configurations: