Optional) Setting The Attack Source Tracing Mode; Optional) Configuring The Whitelist For Attack Source Tracing - Huawei Quidway S3700 Series Configuration Manual
Hide thumbs
Also See for Quidway S3700 Series:
- Configuration manual (398 pages) ,
- Quick start manual (70 pages) ,
- Manual (69 pages)
Table of Contents
Advertisement
Quidway S3700 Series Ethernet Switches
Configuration Guide - Security
By default, the alarm function of attack source tracing is disabled.
Step 6 Run:
auto-defend alarm threshold threshold
The alarm threshold for attack source tracing is set.
By default, the alarm threshold for attack source tracing is 128 pps.
----End
6.4.4 (Optional) Setting the Attack Source Tracing Mode
The S3700 provides multiple attack source tracing modes. You can specify the mode by using
commands.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
cpu-defend policy policy-name
The attack defense policy view is displayed.
Step 3 Run:
auto-defend enable
Automatic attack source tracing is enabled.
By default, automatic attack source tracing is disabled.
Step 4 (Optional) Run:
auto-defend trace-type
The attack source tracing type is configured.
By default, the S3700 traces attack sources based on source MAC addresses, source IP addresses,
and source ports+VLANs.
----End
6.4.5 (Optional) Configuring the Whitelist for Attack Source
Tracing
The S3700 does not trace the sources in the whitelist.
Prerequisite
The ACL rules have been configured.
Procedure
Step 1 Run:
system-view
Issue 01 (2011-07-15)
{ source-mac | source-ip | source-portvlan } *
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
6 Local Attack Defense Configuration
186
Advertisement
Table of Contents
