Configuration Guide - Security

S7700 and S9700 V200R011C10

This document describes the configuration of security features, including ACL, reflective ACL, local attack defense, MFF, attack defense, traffic suppression and storm control, ARP security, port security, DHCP snooping, ND snooping, PPPoE+, IPSG, SAVI, URPF, keychain, separating the management plane from the service plane, and security risks.
Configuring IP Source Trail

Context

When a user host is attacked, you can configure IP Source Trail on the device to which the host connects. IP Source Trail helps you determine the attack source and respond accordingly.

In Figure 12-13, when the volume of traffic on Host_3 (IP address 10.0.0.3/24) is abnormal, configure IP Source Trail on the switch to trace the traffic destined for Host_3 from the intranet and extranet. After the attack source is located, you can take measures such as configuring an ACL to deny attack traffic.

Figure 12-13  IP Source Trail networking
NOTE:
  • IP Source Trail conflicts with NetStream. Therefore, do not configure them simultaneously.
  • For S7700&S9700 series switches, only B series cards, E series cards (except EH1D2X48SEC0), and X series cards support IP Source Trail.

Procedure

  1. Run the system-view command to enter the system view.
  2. Run the ip source-trail ip-address ip-address command to configure IP Source Trail based on destination addresses.

    By default, IP Source Trail is disabled.

Verifying the Configuration

Run the display ip source-trail [ ip-address ip-address [ slot slot-id | verbose ] ] command to view IP Source Trail statistics.

<HUAWEI> display ip source-trail ip-address 10.0.0.3
 Destination Address: 10.0.0.3   
   SrcAddr         SrcIF      Bytes      Pkts       Bits/s     Pkts/s 
   ----------------------------------------------------------------------
   10.1.1.1        GE3/0/1    14.785M    10.577K    204.601K   18
   10.1.1.2        GE3/0/1    85.971M    60.234K    1.356M     121

The preceding command output shows that the host with IP address 10.1.1.2 has sent a large number of packets, indicating that this host is the attack source. You can then configure an ACL on the switch to discard the packets sent from host 10.1.1.2 to host 10.0.0.3.
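
To compare sources when the table is longer than two rows, the output can be parsed and ranked offline. The following is an added example, not part of the Huawei guide: it assumes the column layout shown above, treats the K/M/G suffixes as decimal multipliers (the guide does not define them), and uses a hypothetical 50% byte-share threshold to single out a dominant source.

```python
import re

# Constructed sample: the command output shown above, pasted as text.
SAMPLE = """\
<HUAWEI> display ip source-trail ip-address 10.0.0.3
 Destination Address: 10.0.0.3
   SrcAddr         SrcIF      Bytes      Pkts       Bits/s     Pkts/s
   ----------------------------------------------------------------------
   10.1.1.1        GE3/0/1    14.785M    10.577K    204.601K   18
   10.1.1.2        GE3/0/1    85.971M    60.234K    1.356M     121
"""

# Assumption: K/M/G are decimal multipliers; the guide does not define them.
UNITS = {"": 1, "K": 1e3, "M": 1e6, "G": 1e9}
ROW = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")
NUM = re.compile(r"^(\d+(?:\.\d+)?)([KMG]?)$")

def to_number(field):
    """Convert a counter such as '85.971M' or '121' to a float."""
    m = NUM.match(field)
    if not m:
        raise ValueError(f"unrecognised counter: {field!r}")
    return float(m.group(1)) * UNITS[m.group(2)]

def parse_source_trail(text):
    """Return one dict per source row, sorted by byte count, highest first."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # prompt, header, separator and blank lines
        src, iface, *counters = m.groups()
        b, pkts, bps, pps = (to_number(c) for c in counters)
        rows.append({"src": src, "if": iface, "bytes": b,
                     "pkts": pkts, "bps": bps, "pps": pps})
    total = sum(r["bytes"] for r in rows) or 1.0
    for r in rows:
        r["share"] = r["bytes"] / total  # fraction of all traced bytes
    return sorted(rows, key=lambda r: r["bytes"], reverse=True)

def dominant_sources(rows, min_share=0.5):
    """Sources carrying at least min_share of traced bytes (hypothetical threshold)."""
    return [r["src"] for r in rows if r["share"] >= min_share]

if __name__ == "__main__":
    for r in parse_source_trail(SAMPLE):
        print(f'{r["src"]:<15} {r["if"]:<8} {r["bytes"]:>12.0f} B '
              f'{r["share"]:6.1%} {r["pps"]:.0f} pkt/s')
```
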

Updated: 2019-04-01

Document ID: EDOC1000178319