- H3C S9500 Operation Manual-Release1648[v1.24]-07 Security Volume
Chapter 1 Protocol Port Security Configuration
When performing protocol port security configuration, go to these sections for information you are interested in:
- Introduction to Protocol Port Security
- Configuring Protocol Port Security
1.1 Introduction to Protocol Port Security
The protocol port security function is short for the TCP/UDP protocol port shutdown check function. If a protocol is not enabled, this function can drop, on the interface board, packets of that protocol whose destination IP address is the virtual interface IP address of the switch. This reduces unnecessary communication between the boards, lowers the CPU load on the SRPU, and makes the switch more resistant to interference from such packets.
1.2 Configuring Protocol Port Security
1.2.1 Setting the State of Protocol Port
Perform the following configuration in system view to set the status of protocol ports:
Operation | Command |
---|---|
Enable the protocol port security function | ip portsafe enable |
Disable the protocol port security function | undo ip portsafe enable |
By default, the protocol port security function is enabled.
The following table lists the protocols that can be checked.
Table 1-1 State of the protocol port
Protocol | Port | Default State |
---|---|---|
IGMP/IGSP | PROTOCOL:2 | Close |
OSPF | PROTOCOL:89 | Close |
PIM | PROTOCOL:123 | Close |
SSH | TCP:22 | Close |
TELNET | TCP:23 | Close |
HTTP | TCP:80 | Open |
BGP | TCP:179 | Close |
MPLS LDP | TCP:646 | Close |
DHCP | UDP:67,68 | Close |
NTP | UDP:123 | Close |
SNMP-AGENT | UDP:161 | Close |
RIP | UDP:520 | Close |
MPLS LDP | UDP:646 | Close |
RADIUS CLIENT | UDP:1812 | Close |
RADIUS LOCAL SERVER | UDP:1645,1646 | Open |
PORTAL SERVER | UDP:2000 | Close |
1.2.2 Setting the State of HTTP Protocol Port
Perform the following configuration in system view to set the status of the HTTP protocol port:

Operation | Command |
---|---|
Shut down the port of the HTTP protocol | ip http shutdown |
Open the port of the HTTP protocol | undo ip http shutdown |

By default, port 80 of the HTTP protocol is enabled.
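The drop decision from section 1.1 combined with the states in Table 1-1, modelled as an added Python example (not code from H3C or from this manual). It assumes matching on the destination port and uses a constructed virtual interface address, 192.0.2.1; the function names are hypothetical.

```python
# Illustrative model of the drop decision described in section 1.1.
# Assumptions (not from the manual): matching is on the destination port, and
# the address and enabled-protocol sets used here are constructed samples.
from ipaddress import ip_address

# (kind, number) -> protocol name, copied from Table 1-1.
CHECKED = {
    ("PROTOCOL", 2): "IGMP/IGSP", ("PROTOCOL", 89): "OSPF",
    ("PROTOCOL", 123): "PIM",
    ("TCP", 22): "SSH", ("TCP", 23): "TELNET", ("TCP", 80): "HTTP",
    ("TCP", 179): "BGP", ("TCP", 646): "MPLS LDP",
    ("UDP", 67): "DHCP", ("UDP", 68): "DHCP", ("UDP", 123): "NTP",
    ("UDP", 161): "SNMP-AGENT", ("UDP", 520): "RIP", ("UDP", 646): "MPLS LDP",
    ("UDP", 1812): "RADIUS CLIENT", ("UDP", 1645): "RADIUS LOCAL SERVER",
    ("UDP", 1646): "RADIUS LOCAL SERVER", ("UDP", 2000): "PORTAL SERVER",
}
# Protocols whose port is open by default according to Table 1-1.
DEFAULT_OPEN = {"HTTP", "RADIUS LOCAL SERVER"}


def open_protocols(enabled=(), http_shutdown=False):
    """Protocols whose port is open: table defaults plus enabled protocols."""
    opened = set(DEFAULT_OPEN) | set(enabled)
    if http_shutdown:                    # effect of 'ip http shutdown'
        opened.discard("HTTP")
    return opened


def verdict(kind, number, dst_ip, switch_ips, opened, portsafe=True):
    """Return where a packet is handled under this model."""
    if ip_address(dst_ip) not in switch_ips:
        return "forward"                 # transit traffic is not checked
    proto = CHECKED.get((kind, number))
    if not portsafe or proto is None:
        return "to-cpu"                  # function disabled, or not in Table 1-1
    return "to-cpu" if proto in opened else "drop-on-interface-board"


SWITCH_IPS = {ip_address("192.0.2.1")}   # constructed virtual interface address
```

In this model, a switch with only SSH enabled drops Telnet packets addressed to 192.0.2.1 on the interface board, while Telnet traffic passing through the switch to other hosts is untouched.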