Figure 137 Network diagram for blacklist configuration
Configuration procedure
# Configure IP addresses for interfaces. (Omitted)
# Enable the blacklist function.
<Router> system-view
[Router] blacklist enable
# Add Host D's IP address 5.5.5.5 to the blacklist without configuring an aging time for it.
[Router] blacklist ip 5.5.5.5
# Add Host C's IP address 192.168.1.4 to the blacklist, and configure the aging time as 50 minutes.
[Router] blacklist ip 192.168.1.4 timeout 50
Verify the configuration
After the above configuration, view the added blacklist entries by using the display blacklist all command.
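The table that this command prints can also be checked by script against the aging times that were intended. The following Python code is an added example, not part of the original guide: it parses the display blacklist all table and reports entries that are missing, unexpected, or aging differently from what was configured. The sample text is constructed from this page's values with an assumed column layout, and parse_blacklist and audit are illustrative names.

```python
import re
from datetime import datetime, timedelta

# Constructed sample built from the values on this page; the column layout is assumed.
SAMPLE = """\
Blacklist                               : enabled
Blacklist items                         : 2
------------------------------------------------------------------------------
IP              Type   Aging started       Aging finished      Dropped packets
                       YYYY/MM/DD hh:mm:ss YYYY/MM/DD hh:mm:ss
5.5.5.5         manual 2008/04/09 16:02:20 Never               0
192.168.1.4     manual 2008/04/09 16:02:26 2008/04/09 16:52:26 0
"""
TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}"
ROW = re.compile(rf"(?P<ip>\d+(?:\.\d+){{3}})\s+(?P<type>\S+)\s+(?P<start>{TS})\s+"
                 rf"(?P<end>{TS}|Never)\s+(?P<dropped>\d+)")
FMT = "%Y/%m/%d %H:%M:%S"

def parse_blacklist(text):
    """Return (enabled, declared_count, entries) parsed from the command output."""
    enabled = re.search(r"^Blacklist\s+:\s+enabled\s*$", text, re.M) is not None
    m = re.search(r"^Blacklist items\s+:\s+(\d+)\s*$", text, re.M)
    entries = {}
    for line in text.splitlines():
        r = ROW.fullmatch(line.strip())
        if r:
            start = datetime.strptime(r["start"], FMT)
            # "Never" means the entry has no aging time and stays until it is deleted.
            aging = None if r["end"] == "Never" else datetime.strptime(r["end"], FMT) - start
            entries[r["ip"]] = {"type": r["type"], "aging": aging, "dropped": int(r["dropped"])}
    return enabled, int(m.group(1)) if m else None, entries

def audit(text, expected_minutes):
    """List mismatches between the output and intended aging times (None = permanent)."""
    enabled, declared, entries = parse_blacklist(text)
    findings = [] if enabled else ["blacklist function is not enabled"]
    if declared != len(entries):
        findings.append(f"header reports {declared} items, parsed {len(entries)}")
    for ip, minutes in expected_minutes.items():
        want = None if minutes is None else timedelta(minutes=minutes)
        if ip not in entries:
            findings.append(f"{ip}: missing from blacklist")
        elif entries[ip]["aging"] != want:
            findings.append(f"{ip}: aging is {entries[ip]['aging']}, expected {want}")
    findings += [f"{ip}: unexpected entry" for ip in entries.keys() - expected_minutes.keys()]
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, {"5.5.5.5": None, "192.168.1.4": 50}) or "blacklist matches intent")
```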
[Router] display blacklist all
                    Blacklist information
------------------------------------------------------------------------------
Blacklist                               : enabled
Blacklist items                         : 2
------------------------------------------------------------------------------
IP              Type   Aging started       Aging finished      Dropped packets
                       YYYY/MM/DD hh:mm:ss YYYY/MM/DD hh:mm:ss
5.5.5.5         manual 2008/04/09 16:02:20 Never               0
192.168.1.4     manual 2008/04/09 16:02:26 2008/04/09 16:52:26 0
After the configuration takes effect, the router should do the following:
• Always drop packets from Host D unless you delete Host D's IP address from the blacklist by using undo blacklist ip 5.5.5.5.
• Within 50 minutes, drop Host C's packets received.
• After 50 minutes, normally forward Host C's packets received.
Configuring traffic statistics
Network requirements
As shown in Figure 138, configure traffic statistics in the outbound direction of GigabitEthernet 1/0/1, and configure UDP flood attack protection to protect the internal server against external UDP flood attacks.