
ACLs on the NE40/NE80 VRP3.10

Publication Date: 2012-07-27 | Views: 194 | Downloads: 0 | Author: SU1001891221 | Document ID: EKB0000320013


Issue Description

1. Define traffic classification rules and configure rule-map:

1.1 Control the scanning of Nachi
[NE40-8]rule-map intervlan vir_1 icmp any any echo
1.2 Control the propagation of Blaster
[NE40-8]rule-map intervlan vir_2 tcp any any equal 4444
[NE40-8]rule-map intervlan vir_3 udp any any equal 69
1.3 Control the scanning and attack of Blaster
[NE40-8]rule-map intervlan vir_4 tcp any any equal 135
[NE40-8]rule-map intervlan vir_5 udp any any equal 135
[NE40-8]rule-map intervlan vir_6 tcp any any equal 139
[NE40-8]rule-map intervlan vir_7 udp any any equal 139
[NE40-8]rule-map intervlan vir_8 tcp any any equal 445
[NE40-8]rule-map intervlan vir_9 udp any any equal 445
[NE40-8]rule-map intervlan vir_10 tcp any any equal 593
[NE40-8]rule-map intervlan vir_11 udp any any equal 593
1.4 Control the propagation of the Slammer 2003.
[NE40-8]rule-map intervlan vir_12 udp any any equal 1434
1.5 Control the scanning and attack of oscillator.
[NE40-8]rule-map intervlan vir_13 tcp any any equal 5554
[NE40-8]rule-map intervlan vir_14 tcp any any equal 9996
[NE40-8]rule-map intervlan vir_15 tcp any any equal 9995
[NE40-8]rule-map intervlan vir_16 ip any any
2. Define EACLs of policy routing:
[NE40-8]eacl anti-vir vir_1 deny
[NE40-8]eacl anti-vir vir_2 deny
[NE40-8]eacl anti-vir vir_3 deny
[NE40-8]eacl anti-vir vir_4 deny
[NE40-8]eacl anti-vir vir_5 deny
[NE40-8]eacl anti-vir vir_6 deny
[NE40-8]eacl anti-vir vir_7 deny
[NE40-8]eacl anti-vir vir_8 deny
[NE40-8]eacl anti-vir vir_9 deny
[NE40-8]eacl anti-vir vir_10 deny
[NE40-8]eacl anti-vir vir_11 deny
[NE40-8]eacl anti-vir vir_12 deny
[NE40-8]eacl anti-vir vir_13 deny
[NE40-8]eacl anti-vir vir_14 deny
[NE40-8]eacl anti-vir vir_15 deny
[NE40-8]eacl anti-vir vir_16 permit
3. Apply the EACLs to the interfaces that need virus protection:
The EACLs can be applied to the interfaces that connect the NE40/NE80 and the MAN access device; that is, the EACLs take effect at the ingress only.
3.1 On the NE80:
[NE80]interface GigabitEthernet 1/0/3
[NE80-GigabitEthernet1/0/3]access-group eacl anti-vir
3.2 On the NE40:
[NE40] interface GigabitEthernet 1/0/2
[NE40-GigabitEthernet1/0/2]access-group router eacl anti-vir 
3.3 On the Layer 2 LPU of the NE40:

[NE40] interface Ethernet 3/0/11
[NE40-Ethernet3/0/11]access-group switch eacl anti-vir vlan xx  
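
A consistency check for steps 1 and 2, as an added example that is not part of the original article or of Huawei's tooling: it parses rule-map and eacl lines and reports rule-maps that were defined but never bound, eacl entries that reference undefined rule-maps, and a catch-all "ip any any" entry that is missing, not a permit, or not last. The names parse and lint are hypothetical, the sample is constructed from lines on this page, and the check assumes eacl entries are tried in the order they were entered.

```python
import re

# Constructed sample: a shortened copy of the rule-map/eacl lines on this page.
SAMPLE = """\
[NE40-8]rule-map intervlan vir_1 icmp any any echo
[NE40-8]rule-map intervlan vir_2 tcp any any equal 4444
[NE40-8]rule-map intervlan vir_12 udp any any equal 1434
[NE40-8]rule-map intervlan vir_16 ip any any
[NE40-8]eacl anti-vir vir_1 deny
[NE40-8]eacl anti-vir vir_2 deny
[NE40-8]eacl anti-vir vir_12 deny
[NE40-8]eacl anti-vir vir_16 permit
"""

PROMPT = r"^\[[^\]]*\]\s*"
RULE_RE = re.compile(PROMPT + r"rule-map\s+\S+\s+(\S+)\s+(.+?)\s*$")
EACL_RE = re.compile(PROMPT + r"eacl\s+(\S+)\s+(\S+)\s+(permit|deny)\s*$")

def parse(text):
    """Return ({rule_name: match_expr}, [(eacl, rule_name, action), ...])."""
    rules, entries = {}, []
    for line in text.splitlines():
        if m := RULE_RE.match(line):
            rules[m.group(1)] = m.group(2)
        elif m := EACL_RE.match(line):
            entries.append(m.groups())
    return rules, entries

def lint(text):
    """Hypothetical checker; assumes eacl entries are tried in the order entered."""
    rules, entries = parse(text)
    bound = [name for _, name, _ in entries]
    findings = [f"rule-map {n} is defined but not bound in an eacl"
                for n in rules if n not in bound]
    findings += [f"eacl entry references undefined rule-map {n}"
                 for n in bound if n not in rules]
    catch_all = [i for i, n in enumerate(bound) if rules.get(n) == "ip any any"]
    if not catch_all:
        findings.append("no 'ip any any' entry: unmatched traffic gets the device default")
        return findings
    first = catch_all[0]
    if entries[first][2] != "permit":
        findings.append(f"catch-all {bound[first]} is not a permit: remaining traffic is dropped")
    shadowed = bound[first + 1:]
    if shadowed:
        findings.append(f"entries after catch-all {bound[first]} never match: {shadowed}")
    return findings

if __name__ == "__main__":
    print(lint(SAMPLE) or "consistent")
```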


Alarm Information


Handling Process

Configure access-group switch eacl anti-vir all according to user requirements

Root Cause