Figure 8-4 Networking Diagram For Configuring The Blacklist And Whitelist - Huawei Quidway S9300 Configuration Manual

Terabit routing switch v100r001c03

8 ACL Configuration
<Quidway> display traffic policy user-defined tp1
  User Defined Traffic Policy Information:
  Policy: tp1
   Classifier: default-class
    Behavior: be
     -none-
   Classifier: tc1
    Behavior: tb1
     Deny
----End
Configuration Files
#
sysname Quidway
#
acl number 4000
 rule 5 deny source-mac 00e0-f201-0101 ffff-ffff-ffff dest-mac 0260-e207-0002 ffff-ffff-ffff
#
acl number 3003
 rule 5 deny ip source 10.164.3.0 0.0.0.255 destination 10.164.9.1 0 time-range satime
#
traffic classifier tc1 operator or precedence 15
 if-match acl 4000
#
traffic behavior tb1
#
traffic policy tp1
 classifier tc1 behavior tb1
#
interface GigabitEthernet2/0/1
 traffic-policy tp1 inbound
#
return
8.6.4 Example for Configuring the Blacklist and Whitelist
Networking Requirements
As shown in Figure 8-4, the S9300 that functions as the gateway is connected to the PC. HostA, which is affected by the virus, sends a large number of ARP packets to attack the gateway. This affects the CPU of the S9300. An ACL must be configured on the S9300 to discard the packets sent from HostA without affecting the services of HostB.

Figure 8-4 Networking diagram for configuring the blacklist and whitelist
[Diagram labels: HostA (blacklist, 10.164.2.2/24); HostB (whitelist, 10.164.2.3/24); S9300 with interfaces GE1/0/1 and GE2/0/1; IP network]

Quidway S9300 Terabit Routing Switch
Configuration Guide - Security
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 01 (2009-07-28)
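The following Python model is an added example, not part of the manual. It shows how the masks in the configuration file's rules (acl 4000 and acl 3003) select traffic, and why a blacklist rule for HostA needs a host wildcard if HostB is to stay unaffected. Assumptions: an IP wildcard bit of 1 means "ignore", a Layer 2 MAC mask bit of 1 means "must match", and the time range is active; the function names and the two HostA rules are constructed for illustration.

```python
import ipaddress
import re

# Assumed mask conventions (not spelled out on this page):
#   IP wildcard: a 1 bit means "ignore this bit"; a bare 0 means one host.
#   Layer 2 MAC mask: a 1 bit (f) means "this bit must match".

def ip_wildcard_match(addr, base, wildcard):
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return ((a ^ b) & care) == 0

def mac_mask_match(mac, base, mask):
    as_int = lambda m: int(re.sub(r"[-:.]", "", m), 16)
    return ((as_int(mac) ^ as_int(base)) & as_int(mask)) == 0

def parse_ip_rule(line):
    """Parse 'rule N deny|permit ip source A W [destination A W] ...'."""
    tok = line.split()
    rule = {"id": int(tok[1]), "action": tok[2]}
    for key in ("source", "destination"):
        if key in tok:
            i = tok.index(key)
            wildcard = "0.0.0.0" if tok[i + 2] == "0" else tok[i + 2]
            rule[key] = (tok[i + 1], wildcard)
    return rule  # time-range is ignored: the rule is assumed to be active

def rule_hits(rule, src, dst):
    """True when every address field present in the rule matches the packet."""
    return all(ip_wildcard_match(addr, *rule[key])
               for key, addr in (("source", src), ("destination", dst))
               if key in rule)

# Rule copied from acl 3003 in the configuration file on this page.
PAGE_RULE = parse_ip_rule("rule 5 deny ip source 10.164.3.0 0.0.0.255 "
                          "destination 10.164.9.1 0 time-range satime")
# Constructed rules for the HostA/HostB addresses in Figure 8-4.
HOST_RULE = parse_ip_rule("rule 5 deny ip source 10.164.2.2 0")
WIDE_RULE = parse_ip_rule("rule 5 deny ip source 10.164.2.2 0.0.0.255")

if __name__ == "__main__":
    gw = "10.164.2.1"  # constructed destination; these rules do not check it
    for name, rule in (("host", HOST_RULE), ("wide", WIDE_RULE)):
        for host, ip in (("HostA", "10.164.2.2"), ("HostB", "10.164.2.3")):
            print(name, host, rule["action"] if rule_hits(rule, ip, gw) else "no match")
    print(mac_mask_match("00e0-f201-0101", "00e0-f201-0101", "ffff-ffff-ffff"))
```

With the host wildcard only HostA is denied; with `0.0.0.255` the same rule also catches HostB, which is the outcome the requirement rules out.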
