Configuration Guide - Network Management and Monitoring

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of Network Management and Monitoring, including SNMP, RMON, LLDP, NQA, Service Diagnosis, Mirroring, Packet Capture, sFlow, and NETCONF.
(Optional) Configuring SNMPv3 Attack Defense

Context

To improve SNMPv3 connection security, the device supports a blacklist function. Two types of blacklists are available; you can enable either one or both.

  • IP address blacklist: If an SNMPv3 user fails to access the network, the IP address of this user is added to the blacklist and locked for a certain period of time. The period is 8s for the first lock, 16s for the second lock, 32s for the third lock, and 300s for the fourth lock. The user is not allowed to connect to the network using this IP address within the locking period.
  • User blacklist: When a user fails in authentication consecutively and the number of authentication failures exceeds a limit, the user is added to the blacklist and locked for a certain period. The user will not be authenticated within this period.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Configure the attack defense method.

    • Lock an IP address.

      Run the undo snmp-agent blacklist ip-block disable command to enable the IP address blacklist.

      By default, the IP address blacklist is enabled.

    • Lock a user.
      1. Run undo snmp-agent blacklist user-block disable

        The SNMPv3 user blacklist is enabled.

        By default, the SNMPv3 user blacklist is enabled.

      2. (Optional) Run snmp-agent blacklist user-block failed-times failed-times period period-time

        The limit on consecutive authentication failures and the period in which they are counted are set for SNMPv3 users.

        By default, the system locks a user when the user fails in authentication 5 times consecutively within 5 minutes.

      3. (Optional) Run snmp-agent blacklist user-block reactive reactive-time

        The locking period for SNMPv3 users who are added to the blacklist is set.

        By default, an SNMPv3 user is locked for 5 minutes after the user is added to the blacklist. When the locking period expires, the user can be authenticated.

      NOTE:

      A user on the blacklist is not authenticated during the locking period. To authenticate the user before the locking period expires, run the snmp-agent activate usm-user command to activate the user.

  3. Run commit

    The configuration is committed.
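
The lock behaviour described above, modelled in Python as an added example (not Huawei's code and not part of the original guide), to show how a poller with stale credentials moves from failed to locked under the defaults on this page. Assumptions: failures are counted in a sliding window, a successful authentication resets the count, and IP locks after the fourth stay at 300 s; the names used are hypothetical.

```python
from dataclasses import dataclass, field

# IP blacklist lock periods from the page: 1st, 2nd, 3rd and 4th lock (seconds).
IP_LOCK_SCHEDULE = (8, 16, 32, 300)


@dataclass
class UserBlacklist:
    """Simplified model of the SNMPv3 user blacklist (assumed semantics)."""
    failed_times: int = 5    # page default: 5 consecutive failures
    period: float = 300      # page default: within 5 minutes (in seconds)
    reactive: float = 300    # page default: locked for 5 minutes (in seconds)
    failures: dict = field(default_factory=dict)      # user -> failure times
    locked_until: dict = field(default_factory=dict)  # user -> unlock time

    def attempt(self, user, ok, now):
        """Process one authentication attempt; return 'locked', 'ok' or 'fail'."""
        if now < self.locked_until.get(user, 0):
            return "locked"  # no authentication at all during the lock
        if ok:
            self.failures.pop(user, None)  # assumption: success resets the run
            return "ok"
        recent = [t for t in self.failures.get(user, []) if now - t < self.period]
        recent.append(now)
        self.failures[user] = recent
        if len(recent) >= self.failed_times:
            self.locked_until[user] = now + self.reactive
            self.failures[user] = []
        return "fail"

    def activate(self, user):
        """Model of 'snmp-agent activate usm-user': lift the lock early."""
        self.locked_until.pop(user, None)
        self.failures.pop(user, None)


def ip_lock_seconds(lock_number):
    """Lock period for the n-th lock (1-based) of one source IP address."""
    # Assumption: the page lists four periods; later locks reuse the last one.
    return IP_LOCK_SCHEDULE[min(lock_number, len(IP_LOCK_SCHEDULE)) - 1]


def poller_timeline(interval, count, blacklist=None):
    """Replay `count` failed polls spaced `interval` seconds apart."""
    bl = blacklist or UserBlacklist()
    return [bl.attempt("nms", False, i * interval) for i in range(count)]


if __name__ == "__main__":
    print(poller_timeline(30, 8))  # constructed input: one poll every 30 s
```

Once the user is locked, even an attempt with correct credentials is refused until the locking period expires or the user is activated, which is why a misconfigured management station can block a legitimate SNMPv3 account.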

Updated: 2019-04-20

Document ID: EDOC1100075344
