Example for configuring local attack defense for Huawei routers to all versions.
Networking Requirements As shown in Figure 1, users on different LANs access the Internet through Router A. To locate attacks on Router A, attack source tracing needs to be configured to trace the attack source. The following situations occur:
A user on network segment Net1 frequently initiates attacks to Router A.
The attacker sends a large number of ARP Request packets, degrading CPU performance.
The administrator needs to upload files to Router A using FTP. However, no FTP connection has been set up between the administrator's host and Router A.
Most LAN users obtain IP addresses through DHCP, whereas Router A does not first process DHCP client packets sent to the CPU.
Configurations should be performed on Router A to solve the preceding problems. NOTE: This section provides only the configuration procedures related to local attack defense. For details about routing configurations, see the Configuration Guide - IP Routing. Figure 1 Networking diagram of attack defense policy configurations
Procedure 1. Configure the router, such as AR3200. # acl number 4001 //Configure the ACL to be referenced by the blacklist of local attack defense. rule 5 permit source-mac 0001-c0a8-0102 # cpu-defend policy devicesafety //Create a local attack defense policy. auto-defend enable //Enable the attack source tracing capability. auto-defend threshold 50 //Set the attack source tracing threshold to 50 pps. blacklist 1 acl 4001 //Specify the blacklist. packet-type arp-request rate-limit 64 //Set the rate limit for ARP request packets sent to the CPU to 64 pps. application-apperceive packet-type ftp rate-limit 2000 //Set the rate limit for FTP packets to 2000 pps. packet-type dhcp-client priority 3 //Set the priority of the DHCP-client packets sent to the CPU to 3. # cpu-defend-policy devicesafety //Apply the attack defense policy to the MPU. # return 2. Verify the configuration. Run the display cpu-defend policy command on router A to view information about the attack defense policy. Run the display cpu-defend configuration command on router A to view rate limit on protocol packets.
Hello buddies if you are really the online game lover then visit here our homepage you will play free happy wheels games online on your pc tablet and on your smartphone it is the multiplayer game based on the rag-doll theory of physics the goal of the game is to score more than your opponent.