H3C S7500 Series Operating instructions

Brand: H3C

Model: S7500 Series

Type: Operating instructions

H3C S7500 Series, a high-performance Ethernet switch, delivers wire-speed services to enterprise networks with resilient and reliable operations. It offers exceptional flexibility, scalability, and security features to meet the evolving demands of modern networks. The S7500 Series is ideal for deployment in data centers, campus networks, and large-scale enterprise networks.

Operation Manual – Telnet Protection

H3C S7500 Series Ethernet Switches Table of Contents

Table of Contents

Chapter 1 Telnet Protection Configuration.................................................................................1-1

1.1 Introduction........................................................................................................................1-1

1.2 Telnet Protection Configuration.........................................................................................1-2

1.2.1 Configuring Telnet Protection..................................................................................1-2

1.2.2 Configuring SNMP Protection.................................................................................1-2

1.2.3 Configuring ICMP Protection...................................................................................1-2

1.2.4 Configuring Default-route Telnet Protection............................................................1-3

Operation Manual – Telnet Protection

H3C S7500 Series Ethernet Switches Chapter 1

Telnet Protection Configuration

1-1

Chapter 1 Telnet Protection Configuration

When configuring Telnet protection, go to these sections for information you are

interested in:

z Introduction

z Telnet Protection Configuration

1.1 Introduction

The Telnet protection function is used to protect Telnet packets, SNMP packets, and

ICMP packets from the specific source IP addresses in the case of attacks against the

network or high CPU utilization.

Telnet protection comes in global Telnet protection, special ARP Telnet protection, and

default-route Telnet protection. Global Telnet protection is the highest in priority; then

comes special ARP Telnet protection and default-route Telnet protection is the lowest in

priority.

After you configure global Telnet protection, all the Layer-3 interfaces are protected.

You can also configure special ARP Telnet protection to protect specified Layer-3

interfaces. If the default route exists, you can enable special ARP Telnet protection on

the gateway of the network segment where the next hop of the default route resides

through enabling default-route Telnet protection. By default, default-route Telnet

protection is disabled.

Before configuring Telnet protection, you need to enable Telnet, SNMP, and ICMP

protection respectively. You can configure Telnet protection, SNMP protection, and

ICMP protection for only the packets of the specific source IP addresses.

Caution:

After the network address translation (NAT) function is enabled,

z You cannot configure global Telnet protection.

z You cannot configure special ARP Telnet protection for the Layer-3 interface where

NAT resides.

z You cannot configure default-route Telnet protection.

Operation Manual – Telnet Protection

H3C S7500 Series Ethernet Switches Chapter 1

Telnet Protection Configuration

1-2

1.2 Telnet Protection Configuration

1.2.1 Configuring Telnet Protection

Follow these steps to configure Telnet protection:

To do... Use the command... Remarks

Enter system view system-view —

Enable Telnet

protection

attack-protection telnet

[ ip-address ]

Required

If you use this command with the

ip-address parameter, you can

protect the packets that match

this source IP address only.

Enable global

Telnet protection

or special ARP

Telnet protection

attack-protection

[ ip-address ]

Required

If you use this command with the

ip-address parameter, you can

protect the specified Layer-3

interfaces.

1.2.2 Configuring SNMP Protection

Follow these steps to configure SNMP protection:

To do... Use the command... Remarks

Enter system view system-view —

Enable SNMP

protection

attack-protection

snmp [ ip-address ]

Required

If you use this command with the

ip-address parameter, you can

protect the packets that match this

source IP address only.

Enable global Telnet

protection or special

ARP Telnet

protection

attack-protection

[ ip-address ]

Required

If you use this command with the

ip-address parameter, you can

protect the specified Layer-3

interfaces.

1.2.3 Configuring ICMP Protection

Follow these steps to configure ICMP protection:

Operation Manual – Telnet Protection

H3C S7500 Series Ethernet Switches Chapter 1

Telnet Protection Configuration

1-3

To do... Use the command... Remarks

Enter system view

system-view —

Enable ICMP

protection

attack-protection

icmp [ ip-address ]

Required

If you use this command with the

ip-address parameter, you can

protect the packets that match

this source IP address only.

Enable global Telnet

protection or special

ARP Telnet

protection

attack-protection

[ ip-address ]

Required

If you use this command with the

ip-address parameter, you can

protect the specified Layer-3

interfaces.

1.2.4 Configuring Default-route Telnet Protection

Follow these steps to configure default-route Telnet protection:

To do... Use the command... Remarks

Enter system view system-view —

Enable default-route

Telnet protection

undo attack-protection

disable-defaultroute

Required

By default, default-route

Telnet protection is

disabled.

H3C S7500 Series Operating instructions

H3C S7500 Series Operating instructions

H3C S7500 Series Operating instructions

Related papers

Other documents