5.1 Overview of IP Source Guard........................................................................................................................169

5.2 IP Source Guard Features Supported by the S3700.......................................................................................169

5.3 Configuring IP Source Guard.........................................................................................................................170

5.3.1 Establishing the Configuration Task.....................................................................................................170

5.3.2 (Optional) Configuring a Static User Binding Entry.............................................................................171

5.3.3 Enabling IP Source Guard.....................................................................................................................171

5.3.4 Configuring the Check Items of IP Packets...........................................................................................172

5.3.5 (Optional) Configuring the Alarm Function of IP Source Guard..........................................................173

5.3.6 (Optional) Configuring the Function of Discarding IP Packets with the Same Source and Destination IP

Addresses........................................................................................................................................................173

5.3.7 Checking the Configuration...................................................................................................................174

5.4 Configuration Examples.................................................................................................................................174

5.4.1 Example for Configuring IP Source Guard...........................................................................................174

6 Local Attack Defense Configuration.....................................................................................177

6.1 Overview of Local Attack Defense................................................................................................................178

6.2 Local Attack Defense Features Supported by the S3700...............................................................................178

6.3 Configuring the Attack Defense Policy..........................................................................................................178

6.3.1 Establishing the Configuration Task.....................................................................................................178

6.3.2 Creating an Attack Defense Policy........................................................................................................179

6.3.3 Configuring the Blacklist.......................................................................................................................179

6.3.4 (Optional) Configuring the Rule for Sending Packets to the CPU........................................................180

6.3.5 (Optional) Setting the Queue Number for Protocol Packets Sent to the CPU......................................181

6.3.6 Applying the Attack Defense Policy.....................................................................................................182

6.3.7 Checking the Configuration...................................................................................................................182

6.4 Configuring Attack Source Tracing...............................................................................................................184

6.4.1 Establishing the Configuration Task.....................................................................................................184

6.4.2 Creating an Attack Defense Policy........................................................................................................184

6.4.3 Configuring Attack Source Tracing......................................................................................................185

6.4.4 (Optional) Setting the Attack Source Tracing Mode.............................................................................186

6.4.5 (Optional) Configuring the Whitelist for Attack Source Tracing..........................................................186

6.4.6 (Optional) Specifying Protocol Types Supporting Source Tracing.......................................................187

6.4.7 (Optional) Configuring Auto-Defend Function for Source Tracing......................................................188

6.4.8 (Optional) Setting the Sampling Ratio for Attack Source Tracing........................................................188

6.4.9 Applying the Attack Defense Policy.....................................................................................................189

6.4.10 Checking the Configuration.................................................................................................................189

6.5 Maintaining the Attack Defense Policy..........................................................................................................190

6.5.1 Clearing Statistics About Packets Destined for the CPU......................................................................190

6.5.2 Clearing Statistics About Attack Sources..............................................................................................190

6.6 Configuration Examples.................................................................................................................................191

6.6.1 Example for Configuring an Attack Defense Policy.............................................................................191

7 PPPoE+ Configuration..............................................................................................................194

Issue 01 (2011-07-15)

Huawei Proprietary and Confidential

Contents

Table of Contents