NE20E-S2 V800R010C10SPC500 Configuration Guide - Security 01

Example for Configuring MPAC

This section provides Management Plane Access Control (MPAC) configuration examples.

Networking Requirements

To prevent an attacker from sending various types of TCP/IP attack packets to paralyze Device A, MPAC is deployed on Device A, as shown in Figure 16-1.

Figure 16-1 MPAC networking

NOTE:

Interface 1 in this example is GE 0/1/0.

Configuration Notes

None.

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure an IP address and routes for each interface to ensure network connectivity.

  2. Configure an IPv4 MPAC policy named test on Device A.

  3. Apply the IPv4 MPAC policy named test to GE 0/1/0.

  4. Apply the IPv4 MPAC policy named test to Device A.

Data Preparation

To complete the configuration, you need the following data:

  • IP address and routes on each interface

  • Name of the policy with which the rate for sending packets to the CPU is restricted

  • IPv4 MPAC policy applied to Device A

  • IPv4 MPAC policy applied to GE 0/1/0

Procedure

  1. Configure an IP address and routes for each interface to ensure network connectivity. For configuration details, see "Configuration Files" in this section.
  2. Configure an IPv4 MPAC policy named test on Device A.

    <DeviceA> system-view
    [DeviceA] service-security policy ipv4 test
    [DeviceA-service-sec-test] rule 10 deny protocol ip source-ip 10.10.1.1 0
    [DeviceA-service-sec-test] step 10
    [DeviceA-service-sec-test] description rule 10 is deny ip packet which from 10.10.1.1
    [DeviceA-service-sec-test] commit
    [DeviceA-service-sec-test] quit

  3. Apply the IPv4 MPAC policy named test to Device A.

    [DeviceA] service-security global-binding ipv4 test
    [DeviceA] commit

  4. Apply the IPv4 MPAC policy named test to GE 0/1/0 on Device A.

    [DeviceA] interface gigabitethernet 0/1/0
    [DeviceA-GigabitEthernet0/1/0] service-security binding ipv4 test
    [DeviceA-GigabitEthernet0/1/0] commit
    [DeviceA-GigabitEthernet0/1/0] quit

  5. Verify the configuration.

    After completing the configurations, run the display service-security statistics command to view the statistics about the IPv4 MPAC policy.

    [DeviceA] display service-security statistics ipv4 test
    Policy Name : test
    Description : rule 10 is deny ip packet which from 10.10.1.1
    Step        : 10
     rule 10 deny protocol ip source-ip 10.10.1.1 0 (10 times matched)

Configuration Files

  • Device A configuration file

    #
    sysname DeviceA
    #
    service-security global-binding ipv4 test
    #
    service-security policy ipv4 test
     description rule 10 is deny ip packet which from 10.10.1.1
     step 10
     rule 10 deny protocol ip source-ip 10.10.1.1 0
    #
    interface GigabitEthernet0/1/0
     undo shutdown
     ip address 10.10.1.2 255.255.255.0
     service-security binding ipv4 test
    #
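
An offline consistency check for the configuration file above, added here as an example and not part of Huawei's guide: it reports any `service-security` binding that names an undefined policy and any policy that is never bound. The function name `audit_mpac` and the parsing rule (an unindented line opens or closes a stanza) are assumptions based only on the file layout shown on this page.

```python
import re

# Device A configuration file from this page, code-block indentation removed.
DEVICE_A_CFG = """\
#
sysname DeviceA
#
service-security global-binding ipv4 test
#
service-security policy ipv4 test
 description rule 10 is deny ip packet which from 10.10.1.1
 step 10
 rule 10 deny protocol ip source-ip 10.10.1.1 0
#
interface GigabitEthernet0/1/0
 undo shutdown
 ip address 10.10.1.2 255.255.255.0
 service-security binding ipv4 test
#
"""

def audit_mpac(cfg):
    """Return (policies, bindings, findings) for the IPv4 MPAC statements in cfg."""
    policies, bindings = {}, []
    section = None  # stanza currently open, e.g. ("policy", "test")
    for raw in cfg.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # unindented line ("#" included) ends the stanza
            section = None
            if m := re.fullmatch(r"service-security policy ipv4 (\S+)", line):
                section = ("policy", m.group(1))
                policies[m.group(1)] = []
            elif m := re.fullmatch(r"service-security global-binding ipv4 (\S+)", line):
                bindings.append(("global", m.group(1)))
            elif m := re.fullmatch(r"interface (\S+)", line):
                section = ("interface", m.group(1))
        elif section and section[0] == "policy":
            if m := re.fullmatch(r"rule (\d+) (permit|deny) (.+)", line):
                policies[section[1]].append((int(m.group(1)), m.group(2), m.group(3)))
        elif section and section[0] == "interface":
            if m := re.fullmatch(r"service-security binding ipv4 (\S+)", line):
                bindings.append((section[1], m.group(1)))
    bound = {name for _, name in bindings}
    findings = [f"{where}: binding references undefined policy {name}"
                for where, name in bindings if name not in policies]
    findings += [f"policy {name} is defined but never bound"
                 for name in policies if name not in bound]
    return policies, bindings, findings
```

For the configuration file on this page the findings list is empty; a misspelled policy name in a binding or a policy left unbound shows up as a finding.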
Updated: 2019-01-02

Document ID: EDOC1100055397
