EasyManuals Logo
Home>HPE>Network Router>FlexNetwork MSR Series

HPE FlexNetwork MSR Series Comware 5 Security Configuration Guide

HPE FlexNetwork MSR Series
547 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #433 background imageLoading...
Page #433 background image
420
Step Command Remarks
5. Configure the action and
silence thresholds for UDP
flood attack protection for a
specific IP address.
defense udp-flood ip
ip-address
rate-threshold high
rate-number
[
low
rate-number ]
Optional.
Not configured by default.
6. Configure the device to
drop UDP flood attack
packets.
defense udp-flood action
drop-packet
Optional.
By default, the device only outputs
alarm logs if detecting an attack.
Applying an attack protection policy to an interface
To make a configured attack protection policy take effect, you need to apply the policy to a specific
interface.
To apply an attack protection policy to an interface:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter interface view.
interface
interface-type
interface-number
N/A
3. Apply an attack protection
policy to the interface.
attack-defense apply policy
policy-number
By default, no attack protection
policy is applied to any interface.
The attack protection policy to be
applied to an interface must already
exist.
Configuring the blacklist function
You can configure a device to filter packets from certain IP addresses by configuring the blacklist
function.
The blacklist configuration includes enabling the blacklist function and adding blacklist entries. When
adding a blacklist entry, you can also configure the entry aging time. If you do not configure the aging
time, the entry never ages out, and always exist until you delete it manually.
To configure the blacklist function:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enable the blacklist function.
blacklist enable
Disabled by default.
3. Add a blacklist entry.
blacklist ip
source-ip-address
[
timeout
minutes ]
Optional.
The scanning attack protection
function can add blacklist entries
automatically.
You can add blacklist entries manually, or configure the device to automatically add the IP addresses
of detected scanning attackers to the blacklist. For the latter purpose, enable the blacklist function for
the device, the scanning attack protection function, and the blacklist function for scanning attack
protection. The blacklist entries added by the scanning attack protection function will be aged after

Table of Contents

Other manuals for HPE FlexNetwork MSR Series

Preview: Configuration Guide
Configuration Guide861 pages
Preview: Comware 7 Layer 3 - Ip Services Configuration Guides
Comware 7 Layer 3 - Ip Services Configuration Guides554 pages
Preview: Guide
Guide213 pages
Preview: Command Reference
Command Reference120 pages
Preview: Comware 5 Layer 2 - Wan Access Configuration Guide
Comware 5 Layer 2 - Wan Access Configuration Guide420 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HPE FlexNetwork MSR Series and is the answer not in the manual?

HPE FlexNetwork MSR Series Specifications

General IconGeneral
BrandHPE
ModelFlexNetwork MSR Series
CategoryNetwork Router
LanguageEnglish

Related product manuals