R0106-HP MSR Router Series Security Command Reference(V7)

Syntax
blacklist logging enable
undo blacklist logging enable
Default
Logging is disabled for the blacklist function.
Views
System view
Predefined user roles
network-admin
Usage guidelines
With logging enabled for the blacklist function, the system outputs logs in the following situations:
A blacklist entry is manually added.
A blacklist entry is dynamically added by the scanning attack detection function.
A blacklist entry is manually deleted.
A blacklist entry ages out.
A blacklist log records the following information:
Source IP address of the blacklist entry.
Remote IP address of the DS-Lite tunnel.
VPN instance name.
Reason for adding or deleting the blacklist entry.
Aging time for the blacklist entry.
Examples
# Enable logging for the blacklist function.
<Sysname> system-view
[Sysname] blacklist logging enable
# Add 192.168.100.12 to the blacklist. A log is output for the adding event.
[Sysname] blacklist ip 192.168.100.12
%Mar 13 03:47:49:736 2013 Sysname BLS/5/BLS_ENTRY_ADD:SrcIPAddr(1003)=192.168.100.12;
DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=; TTL(1051)=;
Reason(1052)=Configuration.
# Delete 192.168.100.12 from the blacklist. A log is output for the deletion event.
[Sysname] undo blacklist ip 192.168.100.12
%Mar 13 03:49:52:737 2013 Sysname BLS/5/BLS_ENTRY_DEL:SrcIPAddr(1003)=192.168.100.12;
DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=; Reason(1052)=Configuration.
Related commands
blacklist ip
blacklist ipv6
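The blacklist log records shown in the examples above can be parsed on a log collector and replayed to reconstruct which entries are still in place. The Python below is an added example, not part of the original manual or any HP tooling. Assumptions: the function names are hypothetical, only the two mnemonics shown above (BLS_ENTRY_ADD and BLS_ENTRY_DEL) are handled, the second sample record is constructed, and an entry is identified by source IP, DS-Lite tunnel peer and VPN instance.

```python
import re

# Layout from the manual's sample: %<time> <sysname> <module>/<sev>/<mnemonic>:<fields>
HEADER = re.compile(r"%(\w{3} +\d+ [\d:]+ \d{4}) (\S+) (\w+)/(\d)/(\w+):(.*)")
FIELD = re.compile(r"(\w+)\(\d+\)=(.*)")

# Records 1 and 3 are the manual's samples; record 2 is constructed for this example.
SAMPLE = """\
%Mar 13 03:47:49:736 2013 Sysname BLS/5/BLS_ENTRY_ADD:SrcIPAddr(1003)=192.168.100.12;
DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=; TTL(1051)=;
Reason(1052)=Configuration.
%Mar 13 03:48:10:102 2013 Sysname BLS/5/BLS_ENTRY_ADD:SrcIPAddr(1003)=203.0.113.7;
DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=; TTL(1051)=;
Reason(1052)=Configuration.
%Mar 13 03:49:52:737 2013 Sysname BLS/5/BLS_ENTRY_DEL:SrcIPAddr(1003)=192.168.100.12;
DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=; Reason(1052)=Configuration.
"""

def parse_bls_logs(text):
    """Return one dict per BLS record; records may wrap over several lines."""
    events = []
    for chunk in re.split(r"(?m)^(?=%)", text):  # every record starts with '%'
        m = HEADER.match(" ".join(chunk.split()))  # undo line wrapping
        if not m or m.group(3) != "BLS":
            continue
        stamp, host, _, severity, mnemonic, body = m.groups()
        event = {"time": stamp, "host": host, "severity": int(severity), "event": mnemonic}
        for part in body.rstrip(". ").split(";"):  # drop the closing period, split fields
            f = FIELD.match(part.strip())
            if f:
                event[f.group(1)] = f.group(2).strip()
        events.append(event)
    return events

def active_blacklist(events):
    """Replay adds and deletes in log order; return the entries still present."""
    active = {}
    for ev in events:
        # Assumption: an entry is identified by source IP, tunnel peer and VPN instance.
        key = (ev.get("SrcIPAddr"), ev.get("DSLiteTunnelPeer"), ev.get("RcvVPNInstance"))
        if ev["event"] == "BLS_ENTRY_ADD":
            active[key] = ev
        elif ev["event"] == "BLS_ENTRY_DEL":
            active.pop(key, None)
    return active

if __name__ == "__main__":
    for (ip, _, vpn), ev in active_blacklist(parse_bls_logs(SAMPLE)).items():
        print(f"still blacklisted: {ip} vpn={vpn or '-'} reason={ev['Reason']}")
```

Comparing the replayed set against the entries the device itself reports is a quick way to spot log records that never reached the collector.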
client-verify dns enable
Use client-verify dns enable to enable DNS client verification on an interface.