Optional) Configuring A Blacklist - Huawei AR1200-S Configuration Manual

Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Security
The AR1200-S supports a maximum of 19 attack defense policies, including the default attack
defense policy. The default attack defense policy is automatically generated in the system by
default and is applied to all boards. The default attack defense policy cannot be deleted or
modified. The other 18 policies can be created and deleted.
Step 3 (Optional) Run:
description text
The description of the attack defense policy is configured.
----End

9.4.3 (Optional) Configuring a Blacklist

A blacklist is a set of unauthorized users. The packets that match ACL rules bound to the blacklist
are discarded.
Context
To defend against malicious attacks, the AR1200-S adds users with a specific characteristic to
a blacklist by using ACL rules and discards the packets sent from the users in the blacklist.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
cpu-defend policy policy-name
The attack defense policy view is displayed.
Step 3 Run:
blacklist blacklist-id acl acl-number
A blacklist is created.
A maximum of eight blacklists can be configured on the AR1200-S.
The ACL referenced by the blacklist can be a basic ACL, an advanced ACL, or a Layer 2 ACL.
By default, no blacklist is configured on the AR1200-S.
----End
9.4.4 (Optional) Configuring the Rate Limit for Packets Sent to the
CPU
The AR1200-S sets different rate limits for packets of different types or discards packets of a
certain type to protect the CPU.
Procedure
Step 1 Run:
system-view
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
9 Local Attack Defense Configuration
174