Title | Size | Download |
---|---|---|
01-Protocol Port Security Commands | 42.45 KB |
Chapter 1 Protocol Port Security Configuration Commands
1.1 Protocol Port Security Configuration Commands
1.1.1 ip portsafe
Syntax
ip portsafe enable
undo ip portsafe enable
View
System view
Parameters
None
Description
Use the ip portsafe enable command to enable the protocol port security function, which checks all IP packets on the interface board. If the destination IP address of a packet is the virtual interface IP address of the switch and the corresponding destination protocol port is not open, the packet is dropped.
Use the undo ip portsafe enable command to disable the protocol port security function. Packets on the interface board are then not checked.
By default, the protocol port security function is enabled on the SRPU, on the standby board, and on the interface board.
The following table lists the protocols that can be checked.
Table 1-1 State of the protocol port
Protocol | Port | Default State |
---|---|---|
IGMP/IGSP | PROTOCOL:2 | Close |
OSPF | PROTOCOL:89 | Close |
PIM | PROTOCOL:123 | Close |
SSH | TCP:22 | Close |
TELNET | TCP:23 | Close |
HTTP | TCP:80 | Open |
BGP | TCP:179 | Close |
MPLS LDP | TCP:646 | Close |
DHCP | UDP:67,68 | Close |
NTP | UDP:123 | Close |
SNMP-AGENT | UDP:161 | Close |
RIP | UDP:520 | Close |
MPLS LDP | UDP:646 | Close |
RADIUS CLIENT | UDP:1812 | Close |
RADIUS LOCAL SERVER | UDP:1645,1646 | Open |
PORTAL SERVER | UDP:2000 | Close |
Note:
The protocol port security function is short for the TCP/UDP protocol port close checking function. If a protocol is not enabled, this function drops packets whose destination IP address is the virtual interface IP address of the switch. This reduces unnecessary communication between the boards, lowers the CPU load on the SRPU, and improves the switch's resistance to interference from such packets.
Examples
# Enable the protocol port security function.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ip portsafe enable
1.1.2 ip http shutdown
Syntax
ip http shutdown
undo ip http shutdown
View
System view
Parameters
None
Description
Use the ip http shutdown command to shut down port 80 of the HTTP protocol. After this command is executed, all packets destined for port 80 of this device are dropped.
Use the undo ip http shutdown command to enable port 80 of the HTTP protocol. After this command is executed, the device responds to all packets destined for its port 80.
By default, port 80 of the HTTP protocol is enabled.
Examples
# Shut down port 80 of the HTTP protocol.
<H3C> system-view
[H3C] ip http shutdown
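
The following audit script is an added example, not part of the original manual or of H3C's tooling. It reviews a saved configuration against the two commands documented above, using the defaults this page states (protocol port security enabled, TCP:80 open). It assumes the configuration is a text export with one command per line and that a later command overrides an earlier one; the sample configurations are constructed.

```python
# Added example: audit a configuration export for the commands on this page.
# Defaults are the ones the manual states: portsafe enabled, HTTP port 80 open.
DEFAULTS = {"portsafe": True, "http_open": True}

# Command forms copied from the Syntax sections of 1.1.1 and 1.1.2.
COMMANDS = {
    "ip portsafe enable": ("portsafe", True),
    "undo ip portsafe enable": ("portsafe", False),
    "ip http shutdown": ("http_open", False),
    "undo ip http shutdown": ("http_open", True),
}

def effective_state(config_text):
    """Apply commands in order; the last occurrence of a setting wins
    (assumption about how the export is interpreted)."""
    state = dict(DEFAULTS)
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise indentation and spacing
        if not line or line.startswith("#"):
            continue
        if line in COMMANDS:
            key, value = COMMANDS[line]
            state[key] = value
    return state

def audit(config_text):
    """Return a list of findings for a hardening review."""
    state = effective_state(config_text)
    findings = []
    if not state["portsafe"]:
        findings.append("protocol port security disabled: packets to the "
                        "virtual interface IP are not checked")
    if state["http_open"]:
        findings.append("TCP:80 (HTTP) open: use 'ip http shutdown' if HTTP "
                        "access to the device is not needed")
    return findings

# Constructed sample configurations, not taken from a real device.
HARDENED = "#\n ip http shutdown\n#\n"
WEAK = " undo ip portsafe enable\n"

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit(cfg) or "no findings")
```

An empty configuration still yields the HTTP finding, because port 80 is open by default.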