FAQ-Introduction to NE5000E Attack Prevention Configuration

Publication Date: 2012-07-27
Issue Description
Q:
Give an introduction to NE5000E attack prevention configuration.
 
Alarm Information
Null
Handling Process
A:
1. The attack prevention configuration on the core NE5000E router on a provincial network is as follows:
acl number 3001
rule 5 permit tcp destination-port eq bgp
rule 10 permit tcp source-port gt bgp
rule 15 permit icmp icmp-type echo
rule 20 permit icmp icmp-type echo-reply
rule 25 permit ospf
rule 30 permit tcp destination-port eq 22
rule 35 permit tcp destination-port eq telnet
rule 40 permit udp destination-port eq snmp
rule 45 permit udp destination-port eq ntp
rule 50 permit udp source 202.102.15.165 0
rule 55 permit udp source 202.102.2.253 0
rule 60 permit tcp source-port eq ftp
rule 65 permit tcp source-port eq ftp-data
rule 70 permit icmp icmp-type ttl-exceeded
rule 75 permit udp destination-port eq tftp
rule 80 permit udp source-port eq tftp
rule 85 permit tcp source-port eq telnet
rule 90 permit tcp source-port eq tacacs
rule 95 permit udp destination-port eq 1985
rule 100 permit udp source-port eq 1985
rule 105 deny tcp
rule 110 deny udp
#
cpu-defend policy 15
whitelist acl 3001
#
Finally, the configuration is delivered to each board.
#
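As an added example (not part of the original FAQ and not Huawei code), the following Python parses ACL 3001 as listed above and reports which rule a given packet hits first, plus which permit rules match on a source port alone. It assumes rules are evaluated in ascending rule-ID order with the first match winning; the function names and packet dictionaries are constructed for illustration.

```python
import re

PORTS = {"bgp": 179, "telnet": 23, "snmp": 161, "ntp": 123,
         "ftp": 21, "ftp-data": 20, "tftp": 69, "tacacs": 49}

# ACL 3001 as listed on the page; rules are ';'-separated here only to save space.
ACL_3001 = """
rule 5 permit tcp destination-port eq bgp; rule 10 permit tcp source-port gt bgp
rule 15 permit icmp icmp-type echo; rule 20 permit icmp icmp-type echo-reply
rule 25 permit ospf; rule 30 permit tcp destination-port eq 22
rule 35 permit tcp destination-port eq telnet; rule 40 permit udp destination-port eq snmp
rule 45 permit udp destination-port eq ntp; rule 50 permit udp source 202.102.15.165 0
rule 55 permit udp source 202.102.2.253 0; rule 60 permit tcp source-port eq ftp
rule 65 permit tcp source-port eq ftp-data; rule 70 permit icmp icmp-type ttl-exceeded
rule 75 permit udp destination-port eq tftp; rule 80 permit udp source-port eq tftp
rule 85 permit tcp source-port eq telnet; rule 90 permit tcp source-port eq tacacs
rule 95 permit udp destination-port eq 1985; rule 100 permit udp source-port eq 1985
rule 105 deny tcp; rule 110 deny udp
"""

def parse(text):
    """Turn 'rule N permit|deny proto [criteria]' entries into dicts, sorted by rule ID."""
    rules = []
    for rid, action, proto, rest in re.findall(r"rule (\d+) (permit|deny) ([\w-]+)([^;\n]*)", text):
        crit = {f"{s}_port": (op, PORTS.get(v) or int(v))
                for s, op, v in re.findall(r"(source|destination)-port (eq|gt) (\S+)", rest)}
        for key, pat in (("icmp_type", r"icmp-type (\S+)"), ("src", r"source (\S+) 0\b")):
            if m := re.search(pat, rest):
                crit[key] = m.group(1)  # wildcard 0 means an exact host match
        rules.append({"id": int(rid), "action": action, "proto": proto, "crit": crit})
    return sorted(rules, key=lambda r: r["id"])

def matches(rule, pkt):
    """True if pkt (a dict) satisfies the rule's protocol and every listed criterion."""
    def ok(key, want):
        have = pkt.get(key)
        if not key.endswith("_port"):
            return have == want
        return have is not None and (have == want[1] if want[0] == "eq" else have > want[1])
    return rule["proto"] == pkt["proto"] and all(ok(k, w) for k, w in rule["crit"].items())

def first_match(rules, pkt):
    """Assumption: rules are checked in ascending ID order and the first match wins."""
    return next(((r["id"], r["action"]) for r in rules if matches(r, pkt)), None)

def source_port_only(rules):
    """Permit rules whose sole criterion is a source port, a field the sender sets."""
    return [r["id"] for r in rules
            if r["action"] == "permit" and list(r["crit"]) == ["source_port"]]
```

Run against the ACL above, `source_port_only` returns rules 10, 60, 65, 80, 85, 90 and 100, and a TCP packet with source port 40000 and destination port 8080 is permitted by rule 10 before it reaches rule 105. A result of `None` from `first_match` means no rule in ACL 3001 matches; how the device treats such packets is not stated on this page.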
2. Note that in a cpu-defend policy configuration, the policy ID can be 4-10, 14-20, or 22-30, where:
Policy IDs 4-10 indicate the attack prevention policy of the 2800 board. Currently, these IDs are not used on NE5000E routers. The 2800 chips are mainly used on the LPUA boards of NE80E/NE40E.
Policy IDs 14-20 indicate the attack prevention policy of the 588 board, mainly used on the LPUB, LPUC, LPUE, and LPUI boards of NE5000E routers.
Policy IDs 22-30 indicate the attack prevention policy of the Rainier board. These IDs can be used only on the NETSTREAM board of an NE5000E router.
 
Root Cause
Null
Suggestions
Null
