Login
- Table of Contents
-
- H3C S7500 Series Operation Manual(Release 3100 Series)-(V1.04)
- 00-1Cover
- 00-2Overview
- 01-CLI Configuration
- 02-Login Configuration
- 03-Configuration File Management Configuration
- 04-VLAN Configuration
- 05-Extended VLAN Application Configuration
- 06-IP Address-IP Performance-IPX Configuration
- 07-GVRP Configuration
- 08-QinQ Configuration
- 09-Port Basic Configuration
- 10-Link Aggregation Configuration
- 11-Port Isolation Configuration
- 12-Port Binding Configuration
- 13-DLDP Configuration
- 14-MAC Address Table Configuration
- 15-MSTP Configuration
- 16-Routing Protocol Configuration
- 17-Multicast Configuration
- 18-802.1x Configuration
- 19-AAA-RADIUS-HWTACACS-EAD Configuration
- 20-Traffic Accounting Configuration
- 21-VRRP-HA Configuration
- 22-ARP Configuration
- 23-DHCP Configuration
- 24-ACL Configuration
- 25-QoS Configuration
- 26-Mirroring Configuration
- 27-Cluster Configuration
- 28-PoE Configuration
- 29-UDP-Helper Configuration
- 30-SNMP-RMON Configuration
- 31-NTP Configuration
- 32-SSH Terminal Service Configuration
- 33-File System Management Configuration
- 34-FTP and TFTP Configuration
- 35-Information Center Configuration
- 36-DNS Configuration
- 37-System Maintenance and Debugging Configuration
- 38-HWPing Configuration
- 39-RRPP Configuration
- 40-NAT-Netstream-Policy Routing Configuration
- 41-Telnet Protection Configuration
- 42-Hardware-Dependent Software Configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 41-Telnet Protection Configuration | 77 KB |
Table of Contents
Chapter 1 Telnet Protection Configuration
1.2 Telnet Protection Configuration
1.2.1 Configuring Telnet Protection
1.2.2 Configuring SNMP Protection
1.2.3 Configuring ICMP Protection
1.2.4 Configuring Default-route Telnet Protection
Chapter 1 Telnet Protection Configuration
When configuring Telnet protection, go to these sections for information you are interested in:
l Telnet Protection Configuration
1.1 Introduction
The Telnet protection function is used to protect Telnet packets, SNMP packets, and ICMP packets from the specific source IP addresses in the case of attacks against the network or high CPU utilization.
Telnet protection comes in global Telnet protection, special ARP Telnet protection, and default-route Telnet protection. Global Telnet protection is the highest in priority; then comes special ARP Telnet protection and default-route Telnet protection is the lowest in priority.
After you configure global Telnet protection, all the Layer-3 interfaces are protected. You can also configure special ARP Telnet protection to protect specified Layer-3 interfaces. If the default route exists, you can enable special ARP Telnet protection on the gateway of the network segment where the next hop of the default route resides through enabling default-route Telnet protection. By default, default-route Telnet protection is disabled.
Before configuring Telnet protection, you need to enable Telnet, SNMP, and ICMP protection respectively. You can configure Telnet protection, SNMP protection, and ICMP protection for only the packets of the specific source IP addresses.
Caution:
After the network address translation (NAT) function is enabled,
l You cannot configure global Telnet protection.
l You cannot configure special ARP Telnet protection for the Layer-3 interface where NAT resides.
l You cannot configure default-route Telnet protection.
1.2 Telnet Protection Configuration
1.2.1 Configuring Telnet Protection
Follow these steps to configure Telnet protection:
|
To do... |
Use the command... |
Remarks |
|
Enter system view |
system-view |
— |
|
Enable Telnet protection |
attack-protection telnet [ ip-address ] |
Required If you use this command with the ip-address parameter, you can protect the packets that match this source IP address only. |
|
Enable global Telnet protection or special ARP Telnet protection |
attack-protection [ ip-address ] |
Required If you use this command with the ip-address parameter, you can protect the specified Layer-3 interfaces. |
1.2.2 Configuring SNMP Protection
Follow these steps to configure SNMP protection:
|
To do... |
Use the command... |
Remarks |
|
Enter system view |
system-view |
— |
|
Enable SNMP protection |
attack-protection snmp [ ip-address ] |
Required If you use this command with the ip-address parameter, you can protect the packets that match this source IP address only. |
|
Enable global Telnet protection or special ARP Telnet protection |
attack-protection [ ip-address ] |
Required If you use this command with the ip-address parameter, you can protect the specified Layer-3 interfaces. |
1.2.3 Configuring ICMP Protection
Follow these steps to configure ICMP protection:
|
To do... |
Use the command... |
Remarks |
|
Enter system view |
system-view |
— |
|
Enable ICMP protection |
attack-protection icmp [ ip-address ] |
Required If you use this command with the ip-address parameter, you can protect the packets that match this source IP address only. |
|
Enable global Telnet protection or special ARP Telnet protection |
attack-protection [ ip-address ] |
Required If you use this command with the ip-address parameter, you can protect the specified Layer-3 interfaces. |
1.2.4 Configuring Default-route Telnet Protection
Follow these steps to configure default-route Telnet protection:
|
To do... |
Use the command... |
Remarks |
|
Enter system view |
system-view |
— |
|
Enable default-route Telnet protection |
undo attack-protection disable-defaultroute |
Required By default, default-route Telnet protection is disabled. |
