No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Product Description

This is NE40E V800R010C10SPC500 Product Description
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Security Features

Security Features

Feature

Description

User management

  • User authorization in AAA management

  • Refined user authority control, including user-group-based control and task-group-based control

  • Hierarchical command authority management, preventing unauthorized users from operating devices

  • HWTACACS authentication and authorization

Security authentication

  • AAA

  • Plaintext authentication and MD5 ciphertext authentication supported by routing protocols (RIPv2, OSPF, IS-IS, and BGP)

  • MD5 ciphertext authentication supported by LDP and RSVP

  • SNMPv3 encryption and authentication

URPF

The NE40E supports URPF for IPv4/IPv6 traffic.

MAC address

  • MAC address limit

  • MAC entry deletion

Unknown traffic limit

  • Bandwidth allocation

  • User traffic management

NOTE:

The unknown traffic limit feature is implemented on a Layer 2 network to maximize network bandwidth usage and ensure network security.

ARP attack defense

  • Interface-based ARP entry limit

  • Timestamp suppression based on the source and destination IP addresses of ARP packets

  • Destination address check for ARP packets

  • ARP bidirectional isolation

  • Filtering of invalid ARP packets

BGP Flowspec

  • Filtering of BGP traffic based on the ACL policy carried in BGP packets

  • Filtering of BGP traffic based on the route attribute carried in BGP packets.

IGMP snooping

The NE40E supports IGMP snooping on Layer 2 interfaces and VPLS PWs.

MLD snooping

The NE40E supports MLS snooping on Layer 2 interfaces and VPLS PWs.

Proactive loop detection

The NE40E supports proactive loop detection on Ethernet interfaces.

DHCP snooping

The NE40E can defend against the following attacks:
  • Bogus DHCP server attack

  • Man-in-the-middle attack

  • IP/MAC spoofing attack and DHCP exhaustion attack

  • Starvation attack

  • DoS attack

Keychain

  • Keychain authentication for non-TCP applications

  • Keychain authentication for TCP applications

Packet header obtaining

  • Obtaining of packet headers to be sent to CPUs

  • Obtaining of packet headers to be forwarded

Local attack defense

  • Whitelist

  • Blacklist

  • CPU total CAR

  • User-defined list

  • Active link protection (ALP)

    The NE40E protects TCP-based application-layer data, such as session data, using the whitelist function.

  • Uniform configuration of CAR parameters

  • Smallest packet compensation

  • Association between the application layer and lower layers

  • Local URPF

  • Management and service plane protection

  • Defense against TCP/IP packet attacks

  • Attack source tracing

  • Discarding and rate limit based on the TTL range

GTSM

  • BGP GTSM

  • OSPF GTSM

  • LDP GTSM

SSHv2

The NE40E supports the STelnet client and server and the SFTP client and server. Both support SSHv1 (SSH1.5) and SSHv2 (SSH2.0).

IPsec

  • Transport mode and tunnel mode
  • IKEv1 and IKEv2
  • GRE over IPsec
  • NAT traversal
  • IPsec L3VPN
  • Packet fragmentation and reassembly
  • Keepalive and DPD for peer detection
  • Dynamic and remote IPsec access
  • IPsec Public Key Infrastructure (PKI)
  • Pre-shared key
  • CMPv2, which manages certificates online and simplifies certificate management and maintenance
  • IPsec dual-device backup
  • VXLAN over IPsec
System integrity protection
  • Digital signature
  • Trusted computing
Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055060

Views: 3620

Downloads: 157

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next