ESR series service routers. ESR-Series. User manual
13.2.1 Configuration algorithm
To change the minimum privilege level required to execute a CLI command, use the following command:
esr(config)# privilege <COMMAND-MODE> level <PRIV> <COMMAND>
<COMMAND-MODE> – command mode;
<PRIV> – privilege level required for the command subtree, takes a value in the range of [1..15];
<COMMAND> – command subtree, specified as a string of up to 255 characters.
13.2.2 Example of command privilege configuration
Objective:
Transfer all interface information display commands to privilege level 10, except for the 'show interfaces bridges' command. Transfer the 'show interfaces bridges' command to privilege level 3.
Solution:
In configuration mode, define the commands that are available at privilege level 10 and privilege level 3:
esr(config)# privilege root level 3 "show interfaces bridge"
esr(config)# privilege root level 10 "show interfaces"
13.3 Logging and network attacks protection configuration
13.3.1 Configuration algorithm
| Step | Description | Command | Keys |
|------|-------------|---------|------|
| 1 | Enable protection against ICMP flood attacks. | esr(config)# ip firewall screen dos-defense icmp-threshold { <NUM> } | <NUM> – number of ICMP packets per second, set in the range of [1..10000]. |
| 2 | Enable protection against land attacks. | esr(config)# ip firewall screen dos-defense land | |
| 3 | Enable a limit on the number of packets sent per second per destination address. | esr(config)# ip firewall screen dos-defense limit-session-destination { <NUM> } | <NUM> – limit on the number of IP packets per second, set in the range of [1..10000]. |
| 4 | Enable a limit on the number of packets sent per second per source address. | esr(config)# ip firewall screen dos-defense limit-session-source { <NUM> } | <NUM> – limit on the number of IP packets per second, set in the range of [1..10000]. |
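As an added example (not part of the manual and not Eltex tooling), the following Python script audits a saved configuration listing for the four dos-defense commands in the table above. It checks each <NUM> against the documented range [1..10000] and reports protections that are not enabled. It assumes a text listing with one command per line; the function name and the sample listing are constructed for illustration.

```python
import re

# Options from the table above: True = takes <NUM> in [1..10000], False = no argument.
DOS_DEFENSE_OPTIONS = {
    "icmp-threshold": True,
    "land": False,
    "limit-session-destination": True,
    "limit-session-source": True,
}
NUM_MIN, NUM_MAX = 1, 10000
# Assumption: one command per line, optionally preceded by a CLI prompt such as "esr(config)#".
LINE_RE = re.compile(
    r"^\s*(?:\S+#\s+)?ip firewall screen dos-defense\s+(\S+)(?:\s+(\S+))?\s*$")


def audit_dos_defense(config_text):
    """Return (configured, problems, missing) for a configuration listing."""
    configured, problems = {}, []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        match = LINE_RE.match(line)
        if not match or match.group(1) not in DOS_DEFENSE_OPTIONS:
            continue  # not one of the four dos-defense commands in the table
        option, arg = match.groups()
        if DOS_DEFENSE_OPTIONS[option]:
            if arg is None or not arg.isdecimal() or not NUM_MIN <= int(arg) <= NUM_MAX:
                problems.append((lineno, f"{option}: <NUM> must be in "
                                         f"[{NUM_MIN}..{NUM_MAX}], got {arg!r}"))
                continue
            configured[option] = int(arg)
        elif arg is not None:
            problems.append((lineno, f"{option}: takes no argument, got {arg!r}"))
        else:
            configured[option] = True
    missing = [opt for opt in DOS_DEFENSE_OPTIONS if opt not in configured]
    return configured, problems, missing


# Constructed sample listing (values are illustrative, not recommendations).
SAMPLE = """\
privilege root level 10 "show interfaces"
esr(config)# ip firewall screen dos-defense icmp-threshold 2000
ip firewall screen dos-defense land
ip firewall screen dos-defense limit-session-destination 20000
"""

if __name__ == "__main__":
    configured, problems, missing = audit_dos_defense(SAMPLE)
    print("configured:", configured)
    for lineno, text in problems:
        print(f"line {lineno}: {text}")
    print("not enabled:", ", ".join(missing) or "none")
```

An out-of-range value is listed both as a problem and as a protection that is not enabled, since the audit only counts a protection as configured when its value is within the documented range.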