Choose any of these login options:

Example for Configuring Local Attack Defense

Example for configuring local attack defense for Huawei routers to all versions.

Networking Requirements
As shown in Figure 1, users on different LANs access the Internet through Router A. To locate attacks on Router A, attack source tracing needs to be configured to trace the attack source. The following situations occur:

  • A user on network segment Net1 frequently initiates attacks to Router A.
  • The attacker sends a large number of ARP Request packets, degrading CPU performance.
  • The administrator needs to upload files to Router A using FTP. However, no FTP connection has been set up between the administrator's host and Router A.
  • Most LAN users obtain IP addresses through DHCP, whereas Router A does not first process DHCP client packets sent to the CPU.
Configurations should be performed on Router A to solve the preceding problems.
This section provides only the configuration procedures related to local attack defense. For details about routing configurations, see the Configuration Guide - IP Routing.
Figure 1 Networking diagram of attack defense policy configurations

1. Configure the router, such as AR3200.
acl number 4001 //Configure the ACL to be referenced by the blacklist of local attack defense.
 rule 5 permit source-mac 0001-c0a8-0102
cpu-defend policy devicesafety //Create a local attack defense policy.
 auto-defend enable  //Enable the attack source tracing capability.
 auto-defend threshold 50  //Set the attack source tracing threshold to 50 pps.
 blacklist 1 acl 4001 //Specify the blacklist.
 packet-type arp-request rate-limit 64 //Set the rate limit for ARP request packets sent to the CPU to 64 pps.
 application-apperceive packet-type ftp rate-limit 2000  //Set the rate limit for FTP packets to 2000 pps.
 packet-type dhcp-client priority 3  //Set the priority of the DHCP-client packets sent to the CPU to 3.
 cpu-defend-policy devicesafety  //Apply the attack defense policy to the MPU.
2. Verify the configuration.
Run the display cpu-defend policy command on router A to view information about the attack defense policy.
Run the display cpu-defend configuration command on router A to view rate limit on protocol packets.

More related:
Example for Configuring the Netstream Function to Account User Traffic 
Example for Configuring the SNMP Function to Implement Communication Between the Device and the NMS 
Example for Connecting Intranet Users to the Internet in NAT Address Pool Mode
Example for Connecting Intranet Users to the Internet in Easy IP Mode 
Example for Configuring the Device as a PPPoE Client to Connect Users to the Internet 

share on: Share it! Tweet it! Stumble it! Digg it! Email it!  |  Permalink  |  lookafterpp in Huawei router | 3 Comments
Reader Comments  (3)

 | November 24th 2017 at 1511517920

Hello buddies if you are really the online game lover then visit here our homepage you will play free happy wheels games online on your pc tablet and on your smartphone it is the multiplayer game based on the rag-doll theory of physics the goal of the game is to score more than your opponent.
no photo
williamvriley   | February 7th 2018 at 1518072740

All people feel a feeling of fulfillment and happiness once their perspective of the point is thought about. In this manner, understudies over the UK should make it a point to make utilization of the Essay Writing Services UK Based as these scholars make sure that they consolidate the understudy's criticism into their composition.

Post a Comment
Reputation: 0 (0%)
Member Since:  Jul 2013
Last activity: 5/13/15, 6:05 pm