HPE FlexNetwork MSR Series

To Next Page

To Previous Page

157

Figure 164 Add an intrusion detection policy

Attack protection configuration examples

Attack protection configuration example for MSR900/20-1X

Network requirements

As shown in Figure 165, internal users Host A, Host B, and Host C access the Internet through Router.

The network security requirements are as follows:

• Router always drops packets from Host D, an attacker.

• Router denies packets from Host C for 50 minutes for temporary access control of Host C.

• Router provides scanning attack protection and automatically adds detected attackers to the

blacklist.

• Router provides Land attack protection and Smurf attack protection.

Main Page

Default Chapter3
- Table of Contents3
Web Overview16
- Logging in to the Web Interface16
- Logging out of the Web Interface17
- Introduction to the Web Interface17
- User Level19
- Introduction to the Web-Based NM Functions19
- Common Web Interface Elements32
- Managing Web-Based NM through CLI35
  - Enabling/Disabling Web-Based NM35
  - Managing the Current Web User36
- Configuration Guidelines36
- Troubleshooting Web Browser36
  - Cannot Access the Device through the Web Interface36
Displaying Device Information40
- Displaying Broadband Connection Information41
- Displaying 3G Wireless Card State41
- Displaying LAN Information42
- Displaying WLAN Information42
- Displaying Service Information42
- Displaying Recent System Logs42
- Managing Integrated Services42
Basic Services Configuration44
- Configuring Basic Services44
Configuring WAN Interfaces56
- Configuring an Ethernet Interface56
- Configuring an SA Interface59
- Configuring an ADSL/G.SHDSL Interface60
  - Overview60
  - Configuration Procedure61
- Configuring a CE1/PRI Interface64
  - Overview64
  - Configuration Procedure64
- Configuring a CT1/PRI Interface67
- Displaying Interface Information and Statistics68
Configuring Vlans70
- Overview70
- Configuring a VLAN and Its VLAN Interface70
- Configuration Guidelines74
Wireless Configuration Overview75
- Overview75
- Configuration Task List75
Configuring Wireless Services76
- Configuring Wireless Access Service76
- Displaying Wireless Access Service89
- Wireless Access Service Configuration Examples96
Client Mode111
- Enabling the Client Mode112
  - Connecting the Wireless Service113
  - Displaying Statistics114
- Client Mode Configuration Example114
Configuring Radios117
- Configuring Data Transmit Rates120
  - Configuring 802.11A/802.11B/802.11G Rates120
  - Configuring 802.11N MCS121
- Displaying Radio122
  - Displaying WLAN Services Bound to a Radio122
  - Displaying Detailed Radio Information122
Configuring WLAN Security125
- Blacklist and White List125
- Configuring the Blacklist and White List Functions125
- Configuring User Isolation127
Configuring WLAN Qos129
- Configuring Wireless Qos129
- Wireless Qos Configuration Example137
Configuring Advanced Settings141
- Setting a District Code141
- Channel Busy Test141
3G/4G Connection143
- Displaying 3G/4G Connection Information143
- Configuring the Cellular Interface146
- Managing the PIN147
- Rebooting the 3G/4G Modem148
Configuring NAT149
- Overview149
- Recommended Configuration Procedure149
- Configuring Dynamic NAT149
- Configuring a DMZ Host151
  - Creating a DMZ Host151
  - Enabling DMZ Host on an Interface151
- Configuring an Internal Server152
- Enabling Application Layer Protocol Check154
- Configuring Connection Limit154
- NAT Configuration Examples155
  - Internal Hosts Accessing Public Network Configuration Example155
  - Internal Server Configuration Example156
Configuring Access Control160
- Configuration Procedure160
- Access Control Configuration Example161
Configuring URL Filtering163
- Configuration Procedure163
- URL Filtering Configuration Example164
Configuring Attack Protection166
- Overview166
  - Blacklist Function166
  - Intrusion Detection Function166
- Configuring the Blacklist Function168
- Configuring Intrusion Detection170
- Attack Protection Configuration Examples172
  - Attack Protection Configuration Example for MSR900/20-1X172
  - For MSR20/30/36/50/930 Routers175
Configuring Application Control179
- Recommended Configuration Procedure179
- Application Control Configuration Example182
Configuring Webpage Redirection184
Configuring Routes186
- Overview186
- Creating an Ipv4 Static Route186
- Displaying the Active Route Table187
- Ipv4 Static Route Configuration Example188
- Configuration Guidelines191
Configuring User-Based Load Sharing192
- Overview192
- Configuration Procedure192
Configuring Traffic Ordering194
- Overview194
- Recommended Configuration Procedure194
- Setting the Traffic Ordering Interval194
- Specifying the Traffic Ordering Mode195
- Displaying Internal Interface Traffic Ordering Statistics195
- Displaying External Interface Traffic Ordering Statistics196
Configuring DNS197
- Overview197
- Recommended Configuration Procedure197
  - Configuring Dynamic Domain Name Resolution197
  - Configuring DNS Proxy198
- Enabling Dynamic Domain Name Resolution198
- Enabling DNS Proxy198
- Clearing the Dynamic Domain Name Cache199
- Specifying a DNS Server199
- Configuring a Domain Name Suffix199
- Domain Name Resolution Configuration Example200
Configuring DDNS205
- Overview205
- Configuration Prerequisites206
- Configuration Procedure206
- DDNS Configuration Example207
Configuring DHCP210
- Introduction to DHCP210
- Recommended Configuration Procedure211
- Configuration Guidelines213
- Enabling DHCP213
- Configuring DHCP Interface Setup214
- Configuring a Static Address Pool for the DHCP Server215
- Configuring a Dynamic Address Pool for the DHCP Server216
- Configuring IP Addresses Excluded from Dynamic Allocation218
- Configuring a DHCP Server Group219
- DHCP Configuration Examples220
  - DHCP Configuration Example Without DHCP Relay Agent221
  - DHCP Relay Agent Configuration Example228
Configuring Acls233
- Overview233
- Recommended Ipv4 ACL Configuration Procedure233
- Configuration Guidelines233
- Adding an Ipv4 ACL234
- Configuring a Rule for a Basic Ipv4 ACL234
- Configuring a Rule for an Advanced Ipv4 ACL236
- Configuring a Rule for an Ethernet Frame Header ACL239
Configuring Qos242
- Overview242
- Configuring Subnet Limit243
- Configuring Advanced Limit244
- Configuring Advanced Queue246
  - Configuring Interface Bandwidth247
  - Configuring Bandwidth Guarantee248
- Qos Configuration Examples250
  - Subnet Limit Configuration Example250
  - Advanced Queue Configuration Example251
- Appendix Packet Precedences254
Configuring SNMP257
- Overview257
- SNMP Agent Configuration Task List257
- Snmpv1/V2C Configuration Example268
- Snmpv3 Configuration Example271
- Configuring the Nms276
Configuring Bridging277
- Overview277
- Configuring Bridging281
- Bridging Configuration Example283
Configuring User Groups286
- User Group Configuration Task List286
- User Group Configuration Example293
Configuring MSTP301
- Introduction to STP301
- Introduction to RSTP308
- Introduction to MSTP308
- Configuration Restrictions and Guidelines313
- Recommended MSTP Configuration Procedure313
- Configuring an MST Region314
- Configuring MSTP Globally315
- Configuring MSTP on a Port319
- MSTP Configuration Example321
Configuring RADIUS326
- Overview326
- Configuring a RADIUS Scheme326
  - Configuring Common Parameters327
  - Adding RADIUS Servers330
- RADIUS Configuration Example331
- Configuration Guidelines337
Configuring Login Control339
- Configuration Procedure339
- Login Control Configuration Example340
Configuring ARP343
- Overview343
  - Gratuitous ARP343
- Displaying ARP Entries343
- Creating a Static ARP Entry343
- Removing ARP Entries344
- Enabling Learning of Dynamic ARP Entries344
- Configuring Gratuitous ARP345
- Static ARP Configuration Example346
Configuring ARP Attack Protection350
- Overview350
- Configuring Periodic Sending of Gratuitous ARP Packets350
- Configuring ARP Automatic Scanning351
- Configuring Fixed ARP352
Configuring Ipsec VPN355
- Overview355
- Recommended Configuration Procedure355
- Configuring an Ipsec Connection356
- Displaying Ipsec VPN Monitoring Information361
- Ipsec VPN Configuration Example363
- Configuration Guidelines365
Configuring L2TP366
- Enabling L2TP367
- Adding an L2TP Group367
- Displaying L2TP Tunnel Information373
- Client-Initiated VPN Configuration Example373
Configuring GRE378
- Overview378
- Configuring a GRE over Ipv4 Tunnel378
  - Recommended Configuration Procedure378
  - Creating a GRE Tunnel378
- GRE over Ipv4 Tunnel Configuration Example380
SSL VPN Overview386
- How SSL VPN Works386
- Advantages of SSL VPN387
Configuring SSL VPN Gateway388
- Recommended Configuration Procedure388
- Configuring the SSL VPN Service389
- Configuring Web Proxy Server Resources390
- Configuring TCP Application Resources392
- Configuring IP Network Resources399
- Configuring a Resource Group404
- Configuring Local Users406
  - Adding a Local User Manually406
  - Importing Local Users in Bulk408
- Configuring a User Group409
- Viewing User Information411
- Performing Basic Configurations for the SSL VPN Domain412
- Configuring Authentication Policies415
- Configuring a Security Policy421
- Customizing the SSL VPN User Interface424
  - Customizing the SSL VPN Interface Partially424
  - Customizing the SSL VPN Interface Fully425
User Access to SSL VPN427
- Logging in to the SSL VPN Service Interface427
- Accessing SSL VPN Resources428
- Getting Help Information429
- Changing the Login Password429
SSL VPN Configuration Example431
- Network Requirements431
- Configuration Prerequisites431
- Configuration Procedure432
- Verifying the Configuration444
Managing Certificates447
- Overview447
- Recommended Configuration Procedure447
  - Recommended Configuration Procedure for Manual Request448
  - Recommended Configuration Procedure for Automatic Request449
- Creating a PKI Entity450
- Creating a PKI Domain451
- Generating an RSA Key Pair454
- Destroying the RSA Key Pair455
- Retrieving and Displaying a Certificate455
- Requesting a Local Certificate456
- Retrieving and Displaying a CRL457
- PKI Configuration Examples458
- Configuration Guidelines472
Managing the System473
- Configuring Web Management473
- Managing the Configuration473
- Rebooting the Device477
- Managing Services477
- Managing Users479
- Configuring System Time482
- Configuring TR-069 ········································································································································ 131 486
  - Upgrading Software489
    - Upgrading Software (for the MSR900/MSR20-1X)489
    - Upgrading Software (for the MSR20/30/50)490
Configuring SNMP (Lite Version)491
- Overview491
- Enabling the SNMP Agent Function491
- SNMP Configuration Examples493
  - Snmpv1/V2C Configuration Example493
  - Snmpv3 Configuration Example495
Configuring Syslogs497
- Displaying Syslogs497
- Setting the Log Host498
- Setting Buffer Capacity and Refresh Interval499
Using Diagnostic Tools500
- Traceroute500
- Ping500
- Traceroute Operation500
- Ping Operation501
Configuring Winet503
- Enabling Winet503
- Setting the Background Image for the Winet Topology Diagram504
- Managing Winet505
- Configuring a RADIUS User507
- How the Guest Administrator Obtains the Guest Password509
- Winet Configuration Example510
  - Winet Establishment Configuration Example510
  - Winet-Based RADIUS Authentication Configuration Example514
Configuration Wizard518
- Overview518
- Basic Service Setup518
Local Number and Call Route521
- Local Numbers and Call Routes521
- Fax and Modem521
- Call Services521
- Advanced Settings521
Basic Settings522
- Introduction to Basic Settings522
  - Local Number522
  - Call Route522
- Basic Settings523
  - Configuring a Local Number523
  - Configuring a Call Route524
- Configuration Examples of Local Number and Call Route527
Fax and Modem548
- Protocols and Standards for Foip548
- Fax Flow548
- Introduction to Fax Methods549
- SIP Modem Pass-Through Function549
- Configuring Fax and Modem550
  - Configuring Fax and Modem Parameters of a Local Number550
  - Configuring Fax and Modem Parameters of a Call Route553
Call Services554
- Call Waiting554
- Call Hold554
- Call Forwarding554
- Call Transfer554
- Call Backup555
- Hunt Group555
- Call Barring555
- Message Waiting Indication555
- Three-Party Conference555
- Silent Monitor and Barge in Services555
- Calling Party Control556
- Door Opening Control556
- CID on the FXS Voice Subscriber Line556
- CID on the FXO Voice Subscriber Line557
- Support for SIP Voice Service of the VCX557
- Configuring Call Services of a Local Number557
  - Configuring Call Forwarding, Call Waiting, Call Hold, Call Transfer, and Three-Party Conference557
  - Configuring Other Voice Functions559
- Configuring Call Services of a Call Route561
- Call Services Configuration Examples562
Advanced Settings577
- Introduction to Advanced Settings577
  - Coding Parameters577
  - Other Parameters581
- Configuring Advanced Settings of a Local Number581
  - Configuring Coding Parameters of a Local Number581
  - Configuring Other Parameters of a Local Number583
- Configuring Advanced Settings of a Call Route584
  - Configuring Coding Parameters of a Call Route584
  - Configuring Other Parameters for a Call Route584
- Advanced Settings Configuration Example585
  - Configuring Out-Of-Band DTMF Transmission Mode for SIP585
SIP-To-SIP Connections587
- Configuring Media Parameters for SIP-To-SIP Connections587
- Configuring Signaling Parameters for SIP-To-SIP Connections588
Configuring Dial Plans590
- Dial Plan Process590
- Regular Expression591
- Dial Plan Functions592
- Configuring Dial Plan595
- Dial Plan Configuration Examples601
Call Connection622
- Introduction to SIP622
- Support for Transport Layer Protocols627
- SIP Security627
- Support for SIP Extensions629
Configuring SIP Connections630
- Configuring Connection Properties630
  - Configuring Registrar630
  - Configuring Proxy Server631
- Configuring Session Properties632
- Configuring Advanced Settings638
- Configuring Call Release Cause Code Mapping643
  - Configuring PSTN Call Release Cause Code Mappings643
  - Configuring SIP Status Code Mappings644
- SIP Connection Configuration Examples645
Managing SIP Server Groups651
- Creating a SIP Server Group651
- Configuring the Real-Time Switching Function651
- Configuring the Keep-Alive Mode652
- Configuring the Source Address Binding Mode653
- Configuring Server Information Management654
Configuring SIP Trunk656
- Features657
- Typical Applications657
- Protocols and Standards658
- Configuring SIP Trunk658
- Configuring a Call Route for Outbound Calls661
- Configuring a Call Route for Inbound Calls667
- SIP Trunk Configuration Examples667
Managing Data Links679
- Overview679
- Configuring Digital Link Management681
- E1 Voice DSS1 Signaling Configuration Example694
Managing Lines697
- FXS Voice Subscriber Line697
- FXO Voice Subscriber Line697
- E&M Subscriber Line697
  - E&M Introduction697
  - E&M Start Mode697
- One-To-One Binding between FXS and FXO Voice Subscriber Lines699
- Echo Adjustment Function699
- Line Management Configuration700
- Line Management Configuration Examples713
  - Configuring an FXO Voice Subscriber Line713
  - Configuring One-To-One Binding between FXS and FXO714
Configuring SIP Local Survival721
- Service Configuration722
- User Management723
- Trusted Nodes723
- Call-Out Route724
- Area Prefix725
- Call Authority Control725
- SIP Local Survival Configuration Examples727
Configuring IVR741
- Overview741
- Advantages741
- Configuring IVR742
  - Uploading Media Resource Files742
  - Importing a Media Resource through an Moh Audio Input Port743
- Configuring the Global Key Policy744
- Configuring IVR Nodes745
- Configuring Access Number Management751
  - Configuring an Access Number751
  - Configuring Advanced Settings for the Access Number752
- IVR Configuration Examples752
- Customizing IVR Services776
Advanced Configuration795
- Global Configuration795
- VRF-Aware SIP796
- Batch Configuration797
States and Statistics812
- Line States812
  - Displaying Detailed Information about Analog Voice Subscriber Lines813
  - Displaying Detailed Information about Digital Voice Subscriber Lines813
- Call Statistics814
  - Displaying Active Call Summary815
  - Displaying History Call Summary815
- SIP UA States816
  - Displaying TCP Connection Information816
  - Displaying TLS Connection Information816
- Connection Status817
  - Displaying Number Register Status817
  - Displaying Number Subscription Status818
- Local Survival Service States818
- SIP Trunk Account States819
  - Displaying SIP Trunk Account States819
  - Displaying Dynamic Contact States820
- Server Group Information820
- IVR Information821
  - Displaying IVR Call States821
  - Displaying IVR Play States821
Document Conventions and Icons823
- Conventions823
- Command Conventions823
- Network Topology Icons824
Support and Other Resources825
- Accessing Hewlett Packard Enterprise Support825
- Accessing Updates825
Index828

Table of Contents

Other manuals for HPE FlexNetwork MSR Series

Related product manuals