Step
3.
Add a blacklist entry.
Displaying and maintaining the blacklist
Task
Display information about one or
all blacklist entries on a switch
operating in standalone mode.
Display information about one or
all blacklist entries on a switch
operating in IRF mode.
Blacklist configuration example
Network requirements
As shown in
traffic statistics. Configure the switch to filer packets from Host B permanently.
Figure 85 Network diagram
Configuration procedure
# Configure IP addresses for interfaces. (Details not shown.)
# Enable the blacklist function.
<Switch> system-view
[Switch] blacklist enable
# Add Host B's IP address 5.5.5.5 to the blacklist without configuring an aging time for it.
[Switch] blacklist ip 5.5.5.5
Verifying the configuration
Display blacklist entries by using the display blacklist all command.
Figure
85, assume that you find an attacker (Host B) in the outside network by analyzing the
Command
blacklist ip source-ip-address
[ timeout minutes ]
Command
display blacklist { all | ip source-ip-address
[ slot slot-number ] | slot slot-number } [ |
{ begin | exclude | include }
regular-expression ]
display blacklist { all | chassis chassis-number
slot slot-number | ip source-ip-address
[ chassis chassis-number slot slot-number ] } [ |
{ begin | exclude | include }
244
Remarks
Optional.
The scanning attack protection
function can add blacklist entries
automatically.
Remarks
Available in any view.
Available in any view.