R0106-HP MSR Router Series Security Command Reference(V7)
568
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the specified IPv6 address
belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. Do not specify
this option if the IPv6 address is on the public network.
port port-number: Specifies the port to be protected, in the range of 1 to 65535. If you do not specify this
option, DNS client verification protects port 53, HTTP client verification protects port 80, and TCP client
verification protects all ports.
Usage guidelines
You can specify multiple protected IPv6 addresses by using this command multiple times.
Examples
# Configure TCP client verification to protect IPv6 address 2013::12 and port 23.
<Sysname> system-view
[Sysname] client-verify tcp protected ipv6 2013::12 port 23
# Configure HTTP client verification to protect IPv6 address 2013::12.
<Sysname> system-view
[Sysname] client-verify http protected ipv6 2013::12
Related commands
display client-verify protected ipv6
client-verify tcp enable
Use client-verify tcp enable to enable TCP client verification on an interface.
Use undo client-verify tcp enable to restore the default.
Syntax
client-verify tcp enable [ mode { syn-cookie | safe-reset } ]
undo client-verify tcp enable
Default
TCP client verification is disabled on an interface.
Views
Layer 3 interface view
Predefined user roles
network-admin
Parameters
mode: Specifies a working mode for the TCP client verification function. If you do not specify this keyword,
the SYN cookie mode is used.
syn-cookie: Specifies the SYN cookie mode. In this mode, bidirectional TCP proxy is enabled.
safe-reset: Specifies the safe reset mode. In this mode, unidirectional TCP proxy is enabled.
Usage guidelines
Enable TCP client verification on the interface that connects to the external network to check incoming
packets. This function protects internal TCP servers against TCP flood attacks, including SYN flood attacks,
SYN-ACK flood attacks, RST flood attacks, FIN flood attacks, and ACK flood attacks.