Alteon Application Switch Operating System Application Guide
Securing Alteon
80 Document ID: RDWR-ALOS-V2900_AG1302
Configuring a Deny Route
In this example, IP addresses in the network 62.62.0.0 are under attack from an unknown source.
You temporarily configure Alteon with a deny route so that any traffic destined to this network is
dropped. In the meantime, the attack pattern and source can be detected.
To deny traffic to the destination network 62.62.0.0
>> # /cfg/l3/route                                          (Select the IP Static Route menu)
>> IP Static Route# add                                     (Add a static route)
Enter destination IP address: 62.62.0.0                     (Of this IP network address)
Enter destination subnet mask: 255.255.0.0                  (And this mask address)
Enter gateway IP address (for martian/deny route use 0):0   (Enter 0 to create a deny route)
Enter interface number: (1-256)                             (A deny route will ignore an interface number, so don't enter one here.)
Caution: Do not configure a deny route that covers the destination/mask pair of an existing IP
interface's IP address/mask pair. For example, if you have an IP interface of 50.0.0.1/255.0.0.0 and
a deny route of 50.0.0.0/255.0.0.0, then traffic to the interface as well as the subnet is denied, which
is not the desired result.
Viewing a Deny Route
The following is an example view, or dump, of a deny route.
To view a deny route
Enter the /info/l3/dump command. A deny route appears in the routing table in bold.
Status code: * - best
  Destination     Mask            Gateway         Type      Tag     Metr  If
* 0.0.0.0         0.0.0.0         47.80.16.1      indirect  static        47
* 52.80.16.0      255.255.254.0   47.80.16.59     direct    fixed         47
* 52.80.16.59     255.255.255.25  47.80.16.59     local     addr          47
* 62.62.0.0       255.255.0.0     0.0.0.0         deny      static        47
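The Caution under Configuring a Deny Route can be checked before the route is entered. The following Python sketch is an added example, not part of this guide or of Alteon itself; the interface list and interface numbers are constructed, and flagging a deny route that contains only the interface address (not its whole subnet) is a conservative assumption that goes beyond the guide's wording.

```python
import ipaddress


def to_network(addr, mask):
    # strict=False lets an interface address such as 50.0.0.1 stand for its subnet.
    # A malformed mask (for example one with three octets) raises ValueError.
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def check_deny_route(dest, mask, interfaces):
    """Return (if_number, reason) for every interface the deny route would cut off."""
    deny = to_network(dest, mask)
    conflicts = []
    for if_num, if_addr, if_mask in interfaces:
        if_net = to_network(if_addr, if_mask)
        if if_net.subnet_of(deny):
            conflicts.append((if_num, "deny route covers the whole interface subnet"))
        elif ipaddress.ip_address(if_addr) in deny:
            conflicts.append((if_num, "deny route covers the interface address"))
    return conflicts


# Constructed sample data: the interface numbers are made up; the first
# address/mask pair is the one used in the Caution.
INTERFACES = [
    (1, "50.0.0.1", "255.0.0.0"),
    (2, "10.1.1.1", "255.255.255.0"),
]

if __name__ == "__main__":
    candidates = [("62.62.0.0", "255.255.0.0"), ("50.0.0.0", "255.0.0.0")]
    for dest, mask in candidates:
        hits = check_deny_route(dest, mask, INTERFACES)
        print(f"deny {dest}/{mask}: {'UNSAFE' if hits else 'ok'}")
        for if_num, reason in hits:
            print(f"  interface {if_num}: {reason}")
```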