R0106-HP MSR Router Series Security Configuration Guide(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR4060 Router Chassis

471

472

473

474

475

476

477

478

479

480

466

Step Command Remarks

2. (Optional.) Enable the

global blacklist function.

blacklist global enable

By default, the global blacklist

function is disabled.

If the global blacklist function is

enabled, the blacklist function is

enabled on all interfaces.

3. (Optional.) Add an IPv4

blacklist entry.

blacklist ip source-ip-address

[ vpn-instance vpn-instance-name ]

[ timeout minutes ]

By default, no IPv4 blacklist entry

exists.

4. (Optional.) Add an IPv6

blacklist entry.

blacklist ipv6 source-ipv6-address

[ vpn-instance vpn-instance-name ]

[ timeout minutes ]

By default, no IPv6 blacklist entry

exists.

5. (Optional.) Enable logging

for the blacklist function.

blacklist logging enable

By default, logging is disabled for

the blacklist function.

6. Enter interface view.

interface interface-type

interface-number

N/A

7. Enable the blacklist function

on the interface.

blacklist enable

By default, the blacklist function is

disabled on the interface.

Displaying and maintaining attack detection and

prevention

Use the display commands in any view and the reset commands in user view.

To display and maintain attack detection and prevention:

Task Command

Display attack detection and prevention statistics

on an interface (MSR2000/MSR3000).

display attack-defense statistics interface interface-type

interface-number

Display attack detection and prevention statistics

on an interface (MSR4000).

display attack-defense statistics interface interface-type

interface-number [ slot slot-number ]

Display attack detection and prevention statistics

for the device (MSR2000/MSR3000).

display attack-defense statistics local

Display attack detection and prevention statistics

for the device (MSR4000).

display attack-defense statistics local [ slot slot-number ]

Display attack defense policy configuration. display attack-defense policy [ policy-name ]

Display information about IPv4 scanning attackers

(MSR2000/MSR3000).

display attack-defense scan attacker ip [ interface

interface-type interface-number | local ] [ count ]

Display information about IPv4 scanning attackers

(MSR4000).

display attack-defense scan attacker ip [ interface

interface-type interface-number | local ] [ slot

slot-number ] [ count ]

Display information about IPv6 scanning attackers

(MSR2000/MSR3000).

display attack-defense scan attacker ipv6 [ interface

interface-type interface-number | local ] [ count ]