Blacklist Configuration Example; Network Requirements; Configuration Procedure; Verifying The Configuration - H3C S5500-EI Series Security Configuration Manual


Blacklist configuration example

Network requirements

As shown in Figure 147, Host A, Host B, and Host C are internal users, and external user Host D is considered an attacker.
Configure Device to always filter packets from Host D, and to prevent internal users from guessing passwords.
Figure 147 Network diagram
[Figure not reproduced. Labels: Host A; Host B; Host C (Web user), 192.168.1.4/16; Device, with Vlan-int1 192.168.1.1/16 and Vlan-int2 202.1.0.1/16; Internet; Attacker Host D, 5.5.5.5/24.]

Configuration procedure

# Assign IP addresses to the interfaces of Device. (Details not shown.)
# Enable the blacklist feature.
<Device> system-view
[Device] blacklist enable
# Add the IP address of Host D, 5.5.5.5, to the blacklist. Do not specify an aging time, so that the entry never ages out.
[Device] blacklist ip 5.5.5.5

Verifying the configuration

If Host C tries to log in to Device through the web interface six times and fails each time, Device blacklists Host C. Use the display blacklist all command to view all added blacklist entries.
[Device] display blacklist all
                       Blacklist information
------------------------------------------------------------------------------
Blacklist                               : enabled
Blacklist items                         : 2
------------------------------------------------------------------------------
IP              Type   Aging started       Aging finished      Dropped packets
                       YYYY/MM/DD hh:mm:ss YYYY/MM/DD hh:mm:ss
5.5.5.5         manual 2011/04/09 16:02:20 Never               0
192.168.1.4     manual 2011/04/09 16:02:26 2011/04/09 16:12:26 0
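
The verification step can be scripted when the command output is collected from many devices. The following Python sketch is an added example, not part of the H3C manual: it parses text laid out like the display blacklist all output and reports whether the feature is enabled and whether an address that must stay blocked has an entry that never ages out. The SAMPLE text is constructed from the values shown in this section, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample laid out like the "display blacklist all" output.
SAMPLE = """\
Blacklist                               : enabled
Blacklist items                         : 2
IP              Type   Aging started       Aging finished      Dropped packets
5.5.5.5         manual 2011/04/09 16:02:20 Never               0
192.168.1.4     manual 2011/04/09 16:02:26 2011/04/09 16:12:26 0
"""

TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}"
ROW = re.compile(rf"^\s*(\d+(?:\.\d+){{3}})\s+(\S+)\s+({TS})\s+({TS}|Never)\s+(\d+)\s*$")
FIELD = re.compile(r"^\s*(Blacklist(?: items)?)\s*:\s*(\S+)\s*$")
FMT = "%Y/%m/%d %H:%M:%S"

def parse_blacklist(text):
    """Return (summary fields, entry dicts) parsed from the command output."""
    fields, entries = {}, []
    for line in text.splitlines():
        if m := FIELD.match(line):
            fields[m.group(1)] = m.group(2)
        elif m := ROW.match(line):
            ip, kind, start, end, dropped = m.groups()
            entries.append({
                "ip": ip, "type": kind, "dropped": int(dropped),
                "started": datetime.strptime(start, FMT),
                # None marks an entry that never ages out.
                "finished": None if end == "Never" else datetime.strptime(end, FMT),
            })
    return fields, entries

def audit(text, must_be_permanent):
    """Return findings where the output differs from the expected state."""
    fields, entries = parse_blacklist(text)
    findings = []
    if fields.get("Blacklist") != "enabled":
        findings.append("blacklist feature is not enabled")
    if fields.get("Blacklist items") != str(len(entries)):
        findings.append("item count does not match the parsed rows")
    by_ip = {e["ip"]: e for e in entries}
    for ip in must_be_permanent:
        if ip not in by_ip:
            findings.append(f"{ip}: no blacklist entry")
        elif by_ip[ip]["finished"] is not None:
            findings.append(f"{ip}: entry ages out at {by_ip[ip]['finished']}")
    return findings
```

Calling audit(SAMPLE, ["5.5.5.5"]) returns an empty list, because the entry for Host D is present and never ages out.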

This manual is also suitable for:

S5500-si series
