NE20E-S2 V800R010C10SPC500 Configuration Guide - Security 01

Configuring the Management Protocol ACL Delivering Function


Usage Scenario

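The management protocol ACL delivering function uses hardware to filter out invalid management protocol packets before they are sent to the CPU. If this filtering is not needed, run the management-acl disable command to disable the function. The procedure below enables the function by running undo management-acl disable.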

This feature is supported only on the Admin-VS.

Prerequisites

None

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run cpu-defend policy policy-number

    The attack defense policy view is displayed.

  3. Run undo management-acl disable

    The management protocol ACL delivering function is enabled.

  4. Run commit

    The configuration is committed.

Checking the Configurations

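After configuring the management protocol ACL delivering function, check the configurations.

Run the display cpu-defend policy policy-number command to view information about the user-defined attack defense policy. When the function is enabled, the Management-Acl Configuration section at the end of the output shows Management acl enable : open.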

<HUAWEI> display cpu-defend policy 8
 Number : 8                                                                     
 Description :                                                                  
 Related slot : <1>                                                             
 Configuration :                                                                
                                                                                
 Whitelist Configuration :                                                      
 Whitelist enable : open                                                        
 Whitelist ACL number : 0                                                       
 Whitelist : CIR(4000)    CBS(40000)  Min-packet-length(128)                    
 Whitelist priority : middle                                                    
 Whitelist alarm enable : close                                                 
 Whitelist alarm : threshold(1000000) interval(3600) speed-threshold(300)       
 Whitelist IPV6 ACL number : 0
 Whitelist IPV6 : CIR(4000)    CBS(600000)  Min-packet-length(128)        
 Whitelist IPV6 priority : default
 Whitelist IPV6 alarm enable : open 
 Whitelist IPV6 alarm : threshold(30000) interval(600) speed-threshold(300) 
 Blacklist Configuration :                                                      
 Blacklist enable : open                                                        
 Blacklist ACL number : 0                                                       
 Blacklist IPV6 ACL number : 0
 Blacklist : CIR(1)       CBS(1000)   Min-packet-length(128)                    
 Blacklist priority : middle                                                    
 Blacklist alarm enable : close                                                 
 Blacklist alarm : threshold(1000000) interval(3600)                            
                                                                                
 ARP Configuration :                                                            
 Outbound ARP check enable : open                                               
                                                                                
 Total packet Configuration :                                                   
 Total packet car speed : high                                                  
 Total packet alarm enable : close                                              
 Total packet alarm : threshold(1000000) interval(3600)                         
 Process-sequence : tcpsyn-flood fragment-flood dynamic-link-protection management-acl whitelist blacklist user-defined-flow                       
                                                                                
 Dynamic link protection Configuration : 
 Dynamic link protection enable : open

 Application apperceive Configuration :                                         
 Application apperceive enable : open                                           
 Default Action: Min-to-cp                                                      
 Application apperceive alarm enable : open                                     
 Application apperceive alarm : threshold(1000000) interval(3600) speed-threshold(300)  
                                                                                
 MA-Defend Configuration :                                                      
 MA-Defend alarm enable : open                                                  
 MA-Defend alarm : threshold(1000000) interval(3600)                            
                                                                                
 Source Trace Data Configuration :                                              
 Source Trace enable : open                                                     
 Source Trace Type enable :                                                     
 car: open                                                                      
 urpf: open   
 tcpip-defend: open                                                             
 ma-defend: open                                                                
 application-apperceive: open                                                   
 totalcar: open 
 Source Trace Sample : 100                                                      
 Source Trace IPv4 Packet Length : 64                                               
 Source Trace IPv6 Packet Length : 96
                                                                                
 URPF Configuration :
 URPF model : close
 allow default route: close 
 URPF alarm enable : open   
 URPF alarm : threshold(30000) interval(600) speed-threshold(300)

 TCPIP-Defend Configuration : 
 Abnormal Packet Defend : open                                                  
 Udp Packet Defend : open                                                       
 Tcpsyn Flood Defend : open                                                     
 Tcpsyn : CIR(1500)    CBS(15000)  Min-packet-length(128)                       
 Tcpsyn priority : middle                                                       
 fragment-flood Defend : open                                                   
 Ip fragment : CIR(3000)    CBS(30000)  Min-packet-length(128)                  
 Ip fragment priority : middle                                                  
 TCPIP alarm enable : open                                                      
 TCPIP alarm : threshold(1000000) interval(3600) speed-threshold(300)           
                                                                                
 User-defined-flow Configuration :                                             
 User-defined-flow's alarm default configuration :                                  
 alarm enable : open, alarm value : threshold(30000) interval(600) speed-threshold(300) 
 User-defined-flow  1 : CIR(2000)    CBS(20000)  Min-packet-length(128)       
 User-defined-flow  2 : CIR(2000)    CBS(20000)  Min-packet-length(128)         
 User-defined-flow  3 : CIR(2000)    CBS(20000)  Min-packet-length(128)         
 User-defined-flow  4 : CIR(2000)    CBS(20000)  Min-packet-length(128)         
 User-defined-flow  5 : CIR(2000)    CBS(20000)  Min-packet-length(128)      
 User-defined-flow  6 : CIR(2000)    CBS(20000)  Min-packet-length(128)         
 User-defined-flow  7 : CIR(2000)    CBS(20000)  Min-packet-length(128)         
 User-defined-flow  8 : CIR(2000)    CBS(20000)  Min-packet-length(128)         
 User-defined-flow  9 : CIR(2000)    CBS(20000)  Min-packet-length(128)         
 User-defined-flow 10 : CIR(2000)    CBS(20000)  Min-packet-length(128)         
 User-defined-flow 11 : CIR(2000)    CBS(20000)  Min-packet-length(128)       
 User-defined-flow 12 : CIR(2000)    CBS(20000)  Min-packet-length(128)        
 User-defined-flow 13 : CIR(2000)    CBS(20000)  Min-packet-length(128)         
 User-defined-flow 14 : CIR(2000)    CBS(20000)  Min-packet-length(128)      
 User-defined-flow 15 : CIR(2000)    CBS(20000)  Min-packet-length(128)      
 User-defined-flow 16 : CIR(2000)    CBS(20000)  Min-packet-length(128)     
 User-defined-flow 17 : CIR(2000)    CBS(20000)  Min-packet-length(128)      
 User-defined-flow 18 : CIR(2000)    CBS(20000)  Min-packet-length(128)   
 User-defined-flow 19 : CIR(2000)    CBS(20000)  Min-packet-length(128)       
 User-defined-flow 20 : CIR(2000)    CBS(20000)  Min-packet-length(128)          
 User-defined-flow 21 : CIR(2000)    CBS(20000)  Min-packet-length(128)          
 User-defined-flow 22 : CIR(2000)    CBS(20000)  Min-packet-length(128)          
 User-defined-flow 23 : CIR(2000)    CBS(20000)  Min-packet-length(128)      
 User-defined-flow 24 : CIR(2000)    CBS(20000)  Min-packet-length(128)          
 User-defined-flow 25 : CIR(2000)    CBS(20000)  Min-packet-length(128)   
 User-defined-flow 26 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 27 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 28 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 29 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 30 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 31 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 32 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 33 : CIR(2000)    CBS(20000)  Min-packet-length(128)         
 User-defined-flow 34 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 35 : CIR(2000)    CBS(20000)  Min-packet-length(128)  
 User-defined-flow 36 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 37 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 38 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 39 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 40 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 41 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 42 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 43 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 44 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 45 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 46 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 47 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 48 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 49 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 50 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 51 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 52 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 53 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 54 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 55 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 56 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 57 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 58 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 59 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 60 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 61 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 62 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 63 : CIR(2000)    CBS(20000)  Min-packet-length(128)
 User-defined-flow 64 : CIR(2000)    CBS(20000)  Min-packet-length(128)

 Car Configuration :
 All the supported cpcar's alarm default configuration :
 alarm enable : open, alarm value : threshold(30000) interval(600) speed-threshold(300)
 Car isis: Min-packet-length(512)
 Car arp: CIR(32) 


 Enhance Configuration :
 IPv6 enhance acl enable : close

 Ttl-expired-loop Configuration :                                              
 Ttl-expired-loop alarm enable : open                                          
 Ttl-expired-loop alarm : threshold(10) interval(60)                           

 Acl Enable Configuration :                                                    
 Acl ipv4-multicast-fib-miss enable : close                                    

 Cp-Acl-IP-Pool Configuration :                                                
 Cp-acl ip-pool enable : close                                                

 Management-Acl Configuration : 
 Management acl enable : open
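
To run this check across many policies or devices, the output can be parsed instead of read by eye. The following Python script is an added example, not part of the Huawei guide: the names parse_policy and audit_management_acl are hypothetical, SAMPLE is a constructed excerpt of the output above, and treating any value other than "open" as disabled is an assumption based on the open/close values of the other enable fields.

```python
# Added example: audit `display cpu-defend policy` output for the management ACL state.
# SAMPLE is a constructed excerpt, trimmed from the sample output on this page.
SAMPLE = """\
 Number : 8
 Related slot : <1>

 Total packet Configuration :
 Total packet car speed : high
 Process-sequence : tcpsyn-flood fragment-flood dynamic-link-protection management-acl whitelist blacklist user-defined-flow

 Cp-Acl-IP-Pool Configuration :
 Cp-acl ip-pool enable : close

 Management-Acl Configuration :
 Management acl enable : open
"""


def parse_policy(text):
    """Parse the output into {section: {key: value}}; header lines go under ''."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        key, sep, value = raw.strip().partition(":")
        if not sep:
            continue  # blank line or a line without "key : value" shape
        key, value = key.strip(), value.strip()
        if not value and key.endswith("Configuration"):
            current = key  # e.g. "Management-Acl Configuration :" opens a section
            sections.setdefault(current, {})
        else:
            sections[current][key] = value
    return sections


def audit_management_acl(text):
    """Report whether management ACL delivering is enabled in this policy."""
    policy = parse_policy(text)
    state = policy.get("Management-Acl Configuration", {}).get("Management acl enable")
    # Process-sequence is printed inside another section, so search all of them.
    seq = next((s["Process-sequence"].split() for s in policy.values()
                if "Process-sequence" in s), [])
    return {
        "policy": policy[""].get("Number"),
        "state": state,               # None if the section is absent from the output
        "enabled": state == "open",   # assumption: any other value means disabled
        "sequence_position": seq.index("management-acl") + 1 if "management-acl" in seq else None,
    }


if __name__ == "__main__":
    print(audit_management_acl(SAMPLE))
```

A result with state None means the Management-Acl Configuration section was not present in the captured output, which is worth treating separately from an explicit disabled state.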
Updated: 2019-01-02

Document ID: EDOC1100055397
