User Blacklist Configuration Example - HPE FlexNetwork 10500 Series Security Configuration Manual

# Add an IPv4 blacklist entry for Host D.
[Device] blacklist ip 5.5.5.5
# Add an IPv4 blacklist entry for Host C and set the blacklist entry aging time to 50 minutes.
[Device] blacklist ip 192.168.1.4 timeout 50
Verifying the configuration
# Verify that the IPv4 blacklist entries are successfully added.
<Device> display blacklist ip
IP address
5.5.5.5
192.168.1.4
# Verify that the device drops packets from Host D. (Details not shown.)
# Execute the undo blacklist ip 5.5.5.5 command and verify that the device forwards packets from
Host D. (Details not shown.)
# Verify that the device drops packets from Host C for 50 minutes and forwards packets from Host C
after 50 minutes. (Details not shown.)

User blacklist configuration example

Network requirements
As shown in
C for 50 minutes. The IP address of User C is 1.2.3.4 and the MAC address of User C is
0001-0001-0001.
Figure 128 Network diagram
User A
User C
IP:1.2.3.4
MAC:0001-0001-0001
Configuration procedure
1. Configure IP addresses for the interfaces on the device. (Details not shown.)
2. Configure user identification:
# Add a network access user named userc.
<Device> system-view
[Device] local-user userc class network
[Device-luser-network-userc] quit
# Configure a static identity user with username userc, IP address 1.2.3.4, and MAC address
0001-0001-0001.
[Device] user-identity static-user userc bind ipv4 1.2.3.4 mac 0001-0001-0001
# Enable user identification.
[Device] user-identity enable
VPN instance
--
--
Figure 128, configure the user blacklist feature on the device to block packets from User
User B
Device
GE1/0/1
DS-Lite tunnel peer
--
--
GE1/0/2
494
Type TTL(sec) Dropped
Manual Never 0
Manual 2989 0
Internet