NE20E-S2 V800R010C10SPC500 Configuration Guide - Security 01

Applying IPsec

After IPsec is configured, you can configure protocols to use it for protocol packet authentication.

Context

To defend against network attacks, configure IPsec so that it is applied to the protocol packets exchanged between routers. For details, see Table 12-1.

Table 12-1 IPsec applications

| Protocol | Usage scenario | Reference |
| --- | --- | --- |
| DHCPv6 Relay | If an attacker pretends to be a DHCPv6 server and sends bogus DHCPv6 messages to a client, the client may suffer from DoS attacks or be incorrectly configured. To defend against DoS attacks, implement IPsec on packets exchanged between DHCPv6 relay agents or between a DHCPv6 relay agent and a DHCPv6 server. | Configuring IPsec on a DHCPv6 Relay Agent |
| RIPng | If IPsec authentication is configured on a RIPng network, sent and received RIPng packets are authenticated, and packets that fail authentication are discarded. This can improve the security of the RIPng network. | Configuring IPSec Authentication for RIPng |
| OSPFv3 | OSPFv3 IPsec uses a set of IPsec mechanisms to authenticate sent and received OSPFv3 packets, protecting devices against invalid OSPFv3 packets. | Configuring OSPFv3 IPsec |
| IGMP | On a multicast network, forged IGMP messages may be used to attack devices, leaving them unable to forward multicast traffic. To protect a device against attacks launched using forged IGMP messages, use this feature to authenticate sent and received IGMP messages based on a specified SA. | Configuring IGMP IPSec |
| MLD | On a multicast network, forged MLD messages may be used to attack devices, leaving them unable to forward multicast traffic. To protect a device against attacks launched using forged MLD messages, use this feature to authenticate sent and received MLD messages based on a specified SA. | Configuring MLD IPsec |
| IPv4 PIM | On a multicast network, forged IPv4 PIM messages may be used to attack devices, leaving them unable to forward multicast traffic. To protect a device against attacks launched using forged IPv4 PIM messages, use this feature to authenticate sent and received IPv4 PIM messages based on a specified SA. | Configuring IPv4 PIM IPSec |
| IPv6 PIM | On a multicast network, forged IPv6 PIM messages may be used to attack devices, leaving them unable to forward multicast traffic. To protect a device against attacks launched using forged IPv6 PIM messages, use this feature to authenticate sent and received IPv6 PIM messages based on a specified SA. | Configuring IPv6 PIM IPsec |

Updated: 2019-01-02

Document ID: EDOC1100055397
