Configuring The Whitelist - Huawei Quidway S9300 Configuration Manual

Terabit routing switch v100r001c03

8 ACL Configuration
Context
When the S9300 detects attacks from certain IP addresses or MAC addresses, it uses the
blacklist to block them.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
blacklist acl acl-number &<1-4>
The blacklist is configured.
The value of acl-number ranges from 2000 to 4999. That is, the ACL that can be applied to a
blacklist can be a basic ACL, an advanced ACL, or a MAC address-based ACL.
By default, no blacklist is configured on the S9300.
After a blacklist is configured, the S9300 discards all packets that match the rules in the
blacklist.
----End

8.4.3 Configuring the Whitelist

Context
With the whitelist function, packets that whitelist users send to the CPU are not
incorrectly discarded when the S9300 receives a large number of protocol packets. This function
is used in scenarios where protocol packets are exchanged frequently and the services are
important, such as services on certain large servers.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
whitelist acl acl-number &<1-4>
The whitelist is configured.
The value of acl-number ranges from 2000 to 4999. That is, the ACL that can be applied to a
whitelist can be a basic ACL, an advanced ACL, or a MAC address-based ACL.
By default, no whitelist is configured on the S9300.
NOTE
The blacklist has the highest level in an ACL. Before configuring a blacklist, you must confirm the
characteristics of attack packets. An improper configuration will affect the basic functions of the S9300.
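A pre-change check for the two procedures above, added here as an example and not taken from the Huawei manual: it reads candidate blacklist and whitelist command lines and reports argument counts outside &<1-4>, ACL numbers outside 2000 to 4999, and any ACL bound to both lists. The sample lines are constructed, and the per-type sub-ranges (basic 2000-2999, advanced 3000-3999, MAC address-based 4000-4999) are assumed from the usual Huawei ACL numbering, since the page gives only the overall range.

```python
import re

# Overall range 2000-4999 is from the manual; the per-type sub-ranges are the
# usual Huawei ACL numbering and are an assumption of this example.
ACL_TYPES = ((2000, 2999, "basic"), (3000, 3999, "advanced"),
             (4000, 4999, "MAC address-based"))
CMD = re.compile(r"^\s*(blacklist|whitelist)\s+acl\b(.*)$", re.IGNORECASE)

def acl_type(number):
    """Return the ACL type name for a number, or None if out of range."""
    for low, high, name in ACL_TYPES:
        if low <= number <= high:
            return name
    return None

def lint(config_text):
    """Return (bindings, findings) for blacklist/whitelist lines in config_text."""
    bindings = {"blacklist": {}, "whitelist": {}}
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = CMD.match(line)
        if not m:
            continue
        kind, args = m.group(1).lower(), m.group(2).split()
        if not 1 <= len(args) <= 4:  # &<1-4>: one to four ACL numbers
            findings.append(f"line {lineno}: {kind} takes 1-4 ACL numbers, got {len(args)}")
            continue  # a malformed command binds nothing
        for arg in args:
            if not arg.isdigit() or acl_type(int(arg)) is None:
                findings.append(f"line {lineno}: {kind} acl {arg} is outside 2000-4999")
                continue
            bindings[kind][int(arg)] = acl_type(int(arg))
    # An ACL in both lists is ambiguous intent; the NOTE gives the blacklist the highest level.
    for number in sorted(bindings["blacklist"].keys() & bindings["whitelist"].keys()):
        findings.append(f"acl {number} is bound to both the blacklist and the whitelist")
    return bindings, findings

# Constructed sample lines, not taken from a real device.
SAMPLE = """\
blacklist acl 2001 3005
whitelist acl 3005 4010
whitelist acl 1999
blacklist acl 2001 2002 2003 2004 2005
"""

if __name__ == "__main__":
    bindings, findings = lint(SAMPLE)
    print(bindings)
    for finding in findings:
        print("FINDING:", finding)
```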
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Quidway S9300 Terabit Routing Switch
Configuration Guide - Security
Issue 01 (2009-07-28)
