Telnet protection is designed to prevent
telnet failure due to network attacks and full CPU occupation.
Telnet protection comes in global ARP
Telnet protection, special ARP Telnet protection, and default-routing ARP
Telnet protection. Global ARP Telnet protection is the highest in priority;
then comes special ARP Telnet protection and default-route ARP Telnet
protection is the lowest in priority.
After you configure global ARP Telnet
protection, all the Layer-3 interfaces are protected. You can also configure
special ARP Telnet protection to protect specified Layer-3 interfaces. If a
default route exists, the gateway where the next hop of the default route
resides is set to special ARP remote login protection by default. You can also
disable the default-routing ARP Telnet protection function.
Before configuring Telnet protection, you
need to enable Telnet, SNMP, and ICMP Telnet protection respectively.
Caution:
After the network
address translation (NAT) function is enabled,
l
you cannot configure global ARP Telnet
protection.
l
you cannot configure special-ARP Telnet
protection for the Layer-3 interface where NAT resides.
l
the default-routing Telnet protection is
disabled automatically.
Table 1-1 Configure Telnet protection
|
Operation
|
Command
|
Description
|
|
Enter system view
|
system-view
|
—
|
|
Enable
Telnet protection
|
attack-protection
telnet [ ip-address ]
|
Required
If you use
this command with the ip-address parameter, you can protect the
packets that match this source IP address only
|
|
Enable global ARP Telnet protection or
special ARP Telnet protection
|
attack-protection [ ip-address ]
|
Optional
By default, the gateway where the next
hop of the default route resides is set to special ARP Telnet protection
|
Table 1-2 Configure SNMP Telnet
protection
|
Operation
|
Command
|
Description
|
|
Enter system view
|
system-view
|
—
|
|
Enable SNMP protection
|
attack-protection snmp [ ip-address ]
|
Required
If you use this command with the ip-address
parameter, you can protect the packets that match this source IP address only
|
|
Enable global ARP Telnet protection or
special ARP Telnet protection
|
attack-protection [ ip-address ]
|
Optional
By default, the gateway where the next hop
of the default route resides is set to special ARP Telnet protection
|
Table 1-3 Configure ICMP Telnet
protection
|
Operation
|
Command
|
Description
|
|
Enter system view
|
system-view
|
—
|
|
Enable ICMP protection
|
attack-protection icmp [ ip-address ]
|
Required
If you use this command with the ip-address
parameter, you can protect the packets that match this source IP address only
|
|
Enable global ARP Telnet protection or
special ARP Telnet protection
|
attack-protection [ ip-address ]
|
Optional
By default, the gateway where the next
hop of the default route resides is set to special ARP Telnet protection
|
Table 1-4 Disable default-routing Telnet
login protection
|
Operation
|
Command
|
Description
|
|
Enter system view
|
system-view
|
—
|
|
Disable default-routing Telnet login
protection
|
attack-protection disable-defaultroute
|
Required
By default, the gateway where the next hop
of the default route resides is set to special ARP Telnet protection
|
