Configuring Blacklist; Overview; Configuring The Blacklist Function - HP 12500 Series Configuration Manual

Configuring blacklist

This function is available only on the network management port of the device.

Overview

The blacklist function is an attack protection measure that filters packets by source IP address. Compared
with ACL packet filtering, blacklist filtering matches packets on a simpler rule (the source IP address only)
and can therefore filter packets at high speed. Blacklist filtering is very effective for filtering packets from
specific IP addresses.
Working in conjunction with the user login authentication function, the switch can add blacklist entries
automatically and age them out. Specifically, when the switch detects that an FTP, Telnet, SSH, or web user
has failed to provide the correct username, password, or verification code (for a web login user) after the
maximum number of attempts, it considers the user an attacker, adds the IP address of the user to the
blacklist, and filters subsequent login requests from that user. This mechanism effectively prevents attackers
from cracking login passwords through repeated login attempts. The maximum number of login failures is six
and the aging time of such a blacklist entry is 10 minutes; neither value is configurable.
The switch also allows you to add and delete blacklist entries manually. Blacklist entries added manually
can be permanent blacklist entries or non-permanent blacklist entries. A permanent entry will always
exist in the blacklist unless you delete it manually. You can configure the aging time of a non-permanent
entry. After the timer expires, the switch automatically deletes the blacklist entry, allowing packets from
the corresponding IP address to pass.
NOTE:
The blacklist function for excessive login failures takes effect only for users who try to log in to the switch
from the interfaces on the MPU.

Configuring the blacklist function

You can configure the switch to filter packets from certain IP addresses by configuring the blacklist
function.
The blacklist configuration includes enabling the blacklist function and adding blacklist entries. When
adding a blacklist entry, you can also configure the entry aging time. If you do not configure the aging
time, the entry will never age out and thus always exist until you delete it manually.
To configure the blacklist function:
Step                               Command            Remarks
1. Enter system view.              system-view        N/A
2. Enable the blacklist function.  blacklist enable   Disabled by default.
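To make the entry semantics described above concrete (automatic entries after six login failures that age out after 10 minutes, manual entries that are permanent unless given an aging time, and filtering that only applies once the function is enabled), here is an added Python model of that behaviour. It is a constructed illustration, not the switch's own software; time is passed in as integer seconds so the aging logic is deterministic, and the assumption that entries are only enforced while the function is enabled is the model's, not a statement from the manual.

```python
"""Model of the switch blacklist behaviour (constructed example, not switch code)."""
from dataclasses import dataclass, field
from typing import Dict, Optional

MAX_LOGIN_FAILURES = 6          # fixed on the switch, not configurable
AUTO_ENTRY_AGING_SEC = 10 * 60  # fixed aging time for automatic entries


@dataclass
class Blacklist:
    enabled: bool = False                      # "blacklist enable" is off by default
    # source IP -> expiry time in seconds, or None for a permanent entry
    entries: Dict[str, Optional[int]] = field(default_factory=dict)
    failures: Dict[str, int] = field(default_factory=dict)

    def enable(self) -> None:
        self.enabled = True

    def add(self, ip: str, now: int, timeout_sec: Optional[int] = None) -> None:
        """Manual entry: permanent unless an aging time is given."""
        self.entries[ip] = None if timeout_sec is None else now + timeout_sec

    def delete(self, ip: str) -> None:
        """Manual deletion; the only way a permanent entry goes away."""
        self.entries.pop(ip, None)

    def _age(self, now: int) -> None:
        """Drop non-permanent entries whose timer has expired."""
        expired = [ip for ip, exp in self.entries.items() if exp is not None and exp <= now]
        for ip in expired:
            del self.entries[ip]

    def is_blocked(self, ip: str, now: int) -> bool:
        """True if a packet from ip would be filtered at time now.
        Assumption of this model: entries are enforced only while enabled."""
        if not self.enabled:
            return False
        self._age(now)
        return ip in self.entries

    def login_failure(self, ip: str, now: int) -> bool:
        """Record a failed FTP/Telnet/SSH/web login from ip.
        Returns True once the source reaches the limit and is blacklisted."""
        count = self.failures.get(ip, 0) + 1
        self.failures[ip] = count
        if count >= MAX_LOGIN_FAILURES:
            self.entries[ip] = now + AUTO_ENTRY_AGING_SEC   # non-permanent, 10 min
            self.failures.pop(ip)
            return True
        return False
```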
