To Next Page

To Previous Page

157

Figure 164 Add an intrusion detection policy

Attack protection configuration examples

Attack protection configuration example for MSR900/20-1X

Network requirements

As shown in Figure 165, internal users Host A, Host B, and Host C access the Internet through Router.

The network security requirements are as follows:

• Router always drops packets from Host D, an attacker.

• Router denies packets from Host C for 50 minutes for temporary access control of Host C.

• Router provides scanning attack protection and automatically adds detected attackers to the

blacklist.

• Router provides Land attack protection and Smurf attack protection.

Default Chapter3
- Table of Contents3
Web Overview16
- Logging in to the Web Interface16
- Logging out of the Web Interface17
- Introduction to the Web Interface17
- User Level19
- Introduction to the Web-Based NM Functions19
- Common Web Interface Elements32
- Managing Web-Based NM through CLI35
  - Enabling/Disabling Web-Based NM35
  - Managing the Current Web User36
- Configuration Guidelines36
- Troubleshooting Web Browser36
  - Cannot Access the Device through the Web Interface36
Displaying Device Information40
- Displaying Broadband Connection Information41
- Displaying 3G Wireless Card State41
- Displaying LAN Information42
- Displaying WLAN Information42
- Displaying Service Information42
- Displaying Recent System Logs42
- Managing Integrated Services42
Basic Services Configuration44
- Configuring Basic Services44
Configuring WAN Interfaces56
- Configuring an Ethernet Interface56
- Configuring an SA Interface59
- Configuring an ADSL/G.SHDSL Interface60
  - Overview60
  - Configuration Procedure61
- Configuring a CE1/PRI Interface64
  - Overview64
  - Configuration Procedure64
- Configuring a CT1/PRI Interface67
- Displaying Interface Information and Statistics68
Configuring Vlans70
- Overview70
- Configuring a VLAN and Its VLAN Interface70
- Configuration Guidelines74
Wireless Configuration Overview75
- Overview75
- Configuration Task List75
Configuring Wireless Services76
- Configuring Wireless Access Service76
- Displaying Wireless Access Service89
- Wireless Access Service Configuration Examples96
Client Mode111
- Enabling the Client Mode112
  - Connecting the Wireless Service113
  - Displaying Statistics114
- Client Mode Configuration Example114
Configuring Radios117
- Configuring Data Transmit Rates120
  - Configuring 802.11A/802.11B/802.11G Rates120
  - Configuring 802.11N MCS121
- Displaying Radio122
  - Displaying WLAN Services Bound to a Radio122
  - Displaying Detailed Radio Information122
Configuring WLAN Security125
- Blacklist and White List125
- Configuring the Blacklist and White List Functions125
- Configuring User Isolation127
Configuring WLAN Qos129
- Configuring Wireless Qos129
- Wireless Qos Configuration Example137
Configuring Advanced Settings141
- Setting a District Code141
- Channel Busy Test141
3G/4G Connection143
- Displaying 3G/4G Connection Information143
- Configuring the Cellular Interface146
- Managing the PIN147
- Rebooting the 3G/4G Modem148
Configuring NAT149
- Overview149
- Recommended Configuration Procedure149
- Configuring Dynamic NAT149
- Configuring a DMZ Host151
  - Creating a DMZ Host151
  - Enabling DMZ Host on an Interface151
- Configuring an Internal Server152
- Enabling Application Layer Protocol Check154
- Configuring Connection Limit154
- NAT Configuration Examples155
  - Internal Hosts Accessing Public Network Configuration Example155
  - Internal Server Configuration Example156
Configuring Access Control160
- Configuration Procedure160
- Access Control Configuration Example161
Configuring URL Filtering163
- Configuration Procedure163
- URL Filtering Configuration Example164
Configuring Attack Protection166
- Overview166
  - Blacklist Function166
  - Intrusion Detection Function166
- Configuring the Blacklist Function168
- Configuring Intrusion Detection170
- Attack Protection Configuration Examples172
  - Attack Protection Configuration Example for MSR900/20-1X172
  - For MSR20/30/36/50/930 Routers175
Configuring Application Control179
- Recommended Configuration Procedure179
- Application Control Configuration Example182
Configuring Webpage Redirection184
Configuring Routes186
- Overview186
- Creating an Ipv4 Static Route186
- Displaying the Active Route Table187
- Ipv4 Static Route Configuration Example188
- Configuration Guidelines191
Configuring User-Based Load Sharing192
- Overview192
- Configuration Procedure192
Configuring Traffic Ordering194
- Overview194
- Recommended Configuration Procedure194
- Setting the Traffic Ordering Interval194
- Specifying the Traffic Ordering Mode195
- Displaying Internal Interface Traffic Ordering Statistics195
- Displaying External Interface Traffic Ordering Statistics196
Configuring DNS197
- Overview197
- Recommended Configuration Procedure197
  - Configuring Dynamic Domain Name Resolution197
  - Configuring DNS Proxy198
- Enabling Dynamic Domain Name Resolution198
- Enabling DNS Proxy198
- Clearing the Dynamic Domain Name Cache199
- Specifying a DNS Server199
- Configuring a Domain Name Suffix199
- Domain Name Resolution Configuration Example200
Configuring DDNS205
- Overview205
- Configuration Prerequisites206
- Configuration Procedure206
- DDNS Configuration Example207
Configuring DHCP210
- Introduction to DHCP210
- Recommended Configuration Procedure211
- Configuration Guidelines213
- Enabling DHCP213
- Configuring DHCP Interface Setup214
- Configuring a Static Address Pool for the DHCP Server215
- Configuring a Dynamic Address Pool for the DHCP Server216
- Configuring IP Addresses Excluded from Dynamic Allocation218
- Configuring a DHCP Server Group219
- DHCP Configuration Examples220
  - DHCP Configuration Example Without DHCP Relay Agent221
  - DHCP Relay Agent Configuration Example228
Configuring Acls233
- Overview233
- Recommended Ipv4 ACL Configuration Procedure233
- Configuration Guidelines233
- Adding an Ipv4 ACL234
- Configuring a Rule for a Basic Ipv4 ACL234
- Configuring a Rule for an Advanced Ipv4 ACL236
- Configuring a Rule for an Ethernet Frame Header ACL239
Configuring Qos242
- Overview242
- Configuring Subnet Limit243
- Configuring Advanced Limit244
- Configuring Advanced Queue246
  - Configuring Interface Bandwidth247
  - Configuring Bandwidth Guarantee248
- Qos Configuration Examples250
  - Subnet Limit Configuration Example250
  - Advanced Queue Configuration Example251
- Appendix Packet Precedences254
Configuring SNMP257
- Overview257
- SNMP Agent Configuration Task List257
- Snmpv1/V2C Configuration Example268
- Snmpv3 Configuration Example271
- Configuring the Nms276
Configuring Bridging277
- Overview277
- Configuring Bridging281
- Bridging Configuration Example283
Configuring User Groups286
- User Group Configuration Task List286
- User Group Configuration Example293
Configuring MSTP301
- Introduction to STP301
- Introduction to RSTP308
- Introduction to MSTP308
- Configuration Restrictions and Guidelines313
- Recommended MSTP Configuration Procedure313
- Configuring an MST Region314
- Configuring MSTP Globally315
- Configuring MSTP on a Port319
- MSTP Configuration Example321
Configuring RADIUS326
- Overview326
- Configuring a RADIUS Scheme326
  - Configuring Common Parameters327
  - Adding RADIUS Servers330
- RADIUS Configuration Example331
- Configuration Guidelines337
Configuring Login Control339
- Configuration Procedure339
- Login Control Configuration Example340
Configuring ARP343
- Overview343
  - Gratuitous ARP343
- Displaying ARP Entries343
- Creating a Static ARP Entry343
- Removing ARP Entries344
- Enabling Learning of Dynamic ARP Entries344
- Configuring Gratuitous ARP345
- Static ARP Configuration Example346
Configuring ARP Attack Protection350
- Overview350
- Configuring Periodic Sending of Gratuitous ARP Packets350
- Configuring ARP Automatic Scanning351
- Configuring Fixed ARP352
Configuring Ipsec VPN355
- Overview355
- Recommended Configuration Procedure355
- Configuring an Ipsec Connection356
- Displaying Ipsec VPN Monitoring Information361
- Ipsec VPN Configuration Example363
- Configuration Guidelines365
Configuring L2TP366
- Enabling L2TP367
- Adding an L2TP Group367
- Displaying L2TP Tunnel Information373
- Client-Initiated VPN Configuration Example373
Configuring GRE378
- Overview378
- Configuring a GRE over Ipv4 Tunnel378
  - Recommended Configuration Procedure378
  - Creating a GRE Tunnel378
- GRE over Ipv4 Tunnel Configuration Example380
SSL VPN Overview386
- How SSL VPN Works386
- Advantages of SSL VPN387
Configuring SSL VPN Gateway388
- Recommended Configuration Procedure388
- Configuring the SSL VPN Service389
- Configuring Web Proxy Server Resources390
- Configuring TCP Application Resources392
- Configuring IP Network Resources399
- Configuring a Resource Group404
- Configuring Local Users406
  - Adding a Local User Manually406
  - Importing Local Users in Bulk408
- Configuring a User Group409
- Viewing User Information411
- Performing Basic Configurations for the SSL VPN Domain412
- Configuring Authentication Policies415
- Configuring a Security Policy421
- Customizing the SSL VPN User Interface424
  - Customizing the SSL VPN Interface Partially424
  - Customizing the SSL VPN Interface Fully425
User Access to SSL VPN427
- Logging in to the SSL VPN Service Interface427
- Accessing SSL VPN Resources428
- Getting Help Information429
- Changing the Login Password429
SSL VPN Configuration Example431
- Network Requirements431
- Configuration Prerequisites431
- Configuration Procedure432
- Verifying the Configuration444
Managing Certificates447
- Overview447
- Recommended Configuration Procedure447
  - Recommended Configuration Procedure for Manual Request448
  - Recommended Configuration Procedure for Automatic Request449
- Creating a PKI Entity450
- Creating a PKI Domain451
- Generating an RSA Key Pair454
- Destroying the RSA Key Pair455
- Retrieving and Displaying a Certificate455
- Requesting a Local Certificate456
- Retrieving and Displaying a CRL457
- PKI Configuration Examples458
- Configuration Guidelines472
Managing the System473
- Configuring Web Management473
- Managing the Configuration473
- Rebooting the Device477
- Managing Services477
- Managing Users479
- Configuring System Time482
- Configuring TR-069 ········································································································································ 131 486
  - Upgrading Software489
    - Upgrading Software (for the MSR900/MSR20-1X)489
    - Upgrading Software (for the MSR20/30/50)490
Configuring SNMP (Lite Version)491
- Overview491
- Enabling the SNMP Agent Function491
- SNMP Configuration Examples493
  - Snmpv1/V2C Configuration Example493
  - Snmpv3 Configuration Example495
Configuring Syslogs497
- Displaying Syslogs497
- Setting the Log Host498
- Setting Buffer Capacity and Refresh Interval499
Using Diagnostic Tools500
- Traceroute500
- Ping500
- Traceroute Operation500
- Ping Operation501
Configuring Winet503
- Enabling Winet503
- Setting the Background Image for the Winet Topology Diagram504
- Managing Winet505
- Configuring a RADIUS User507
- How the Guest Administrator Obtains the Guest Password509
- Winet Configuration Example510
  - Winet Establishment Configuration Example510
  - Winet-Based RADIUS Authentication Configuration Example514
Configuration Wizard518
- Overview518
- Basic Service Setup518
Local Number and Call Route521
- Local Numbers and Call Routes521
- Fax and Modem521
- Call Services521
- Advanced Settings521
Basic Settings522
- Introduction to Basic Settings522
  - Local Number522
  - Call Route522
- Basic Settings523
  - Configuring a Local Number523
  - Configuring a Call Route524
- Configuration Examples of Local Number and Call Route527
Fax and Modem548
- Protocols and Standards for Foip548
- Fax Flow548
- Introduction to Fax Methods549
- SIP Modem Pass-Through Function549
- Configuring Fax and Modem550
  - Configuring Fax and Modem Parameters of a Local Number550
  - Configuring Fax and Modem Parameters of a Call Route553
Call Services554
- Call Waiting554
- Call Hold554
- Call Forwarding554
- Call Transfer554
- Call Backup555
- Hunt Group555
- Call Barring555
- Message Waiting Indication555
- Three-Party Conference555
- Silent Monitor and Barge in Services555
- Calling Party Control556
- Door Opening Control556
- CID on the FXS Voice Subscriber Line556
- CID on the FXO Voice Subscriber Line557
- Support for SIP Voice Service of the VCX557
- Configuring Call Services of a Local Number557
  - Configuring Call Forwarding, Call Waiting, Call Hold, Call Transfer, and Three-Party Conference557
  - Configuring Other Voice Functions559
- Configuring Call Services of a Call Route561
- Call Services Configuration Examples562
Advanced Settings577
- Introduction to Advanced Settings577
  - Coding Parameters577
  - Other Parameters581
- Configuring Advanced Settings of a Local Number581
  - Configuring Coding Parameters of a Local Number581
  - Configuring Other Parameters of a Local Number583
- Configuring Advanced Settings of a Call Route584
  - Configuring Coding Parameters of a Call Route584
  - Configuring Other Parameters for a Call Route584
- Advanced Settings Configuration Example585
  - Configuring Out-Of-Band DTMF Transmission Mode for SIP585
SIP-To-SIP Connections587
- Configuring Media Parameters for SIP-To-SIP Connections587
- Configuring Signaling Parameters for SIP-To-SIP Connections588
Configuring Dial Plans590
- Dial Plan Process590
- Regular Expression591
- Dial Plan Functions592
- Configuring Dial Plan595
- Dial Plan Configuration Examples601
Call Connection622
- Introduction to SIP622
- Support for Transport Layer Protocols627
- SIP Security627
- Support for SIP Extensions629
Configuring SIP Connections630
- Configuring Connection Properties630
  - Configuring Registrar630
  - Configuring Proxy Server631
- Configuring Session Properties632
- Configuring Advanced Settings638
- Configuring Call Release Cause Code Mapping643
  - Configuring PSTN Call Release Cause Code Mappings643
  - Configuring SIP Status Code Mappings644
- SIP Connection Configuration Examples645
Managing SIP Server Groups651
- Creating a SIP Server Group651
- Configuring the Real-Time Switching Function651
- Configuring the Keep-Alive Mode652
- Configuring the Source Address Binding Mode653
- Configuring Server Information Management654
Configuring SIP Trunk656
- Features657
- Typical Applications657
- Protocols and Standards658
- Configuring SIP Trunk658
- Configuring a Call Route for Outbound Calls661
- Configuring a Call Route for Inbound Calls667
- SIP Trunk Configuration Examples667
Managing Data Links679
- Overview679
- Configuring Digital Link Management681
- E1 Voice DSS1 Signaling Configuration Example694
Managing Lines697
- FXS Voice Subscriber Line697
- FXO Voice Subscriber Line697
- E&M Subscriber Line697
  - E&M Introduction697
  - E&M Start Mode697
- One-To-One Binding between FXS and FXO Voice Subscriber Lines699
- Echo Adjustment Function699
- Line Management Configuration700
- Line Management Configuration Examples713
  - Configuring an FXO Voice Subscriber Line713
  - Configuring One-To-One Binding between FXS and FXO714
Configuring SIP Local Survival721
- Service Configuration722
- User Management723
- Trusted Nodes723
- Call-Out Route724
- Area Prefix725
- Call Authority Control725
- SIP Local Survival Configuration Examples727
Configuring IVR741
- Overview741
- Advantages741
- Configuring IVR742
  - Uploading Media Resource Files742
  - Importing a Media Resource through an Moh Audio Input Port743
- Configuring the Global Key Policy744
- Configuring IVR Nodes745
- Configuring Access Number Management751
  - Configuring an Access Number751
  - Configuring Advanced Settings for the Access Number752
- IVR Configuration Examples752
- Customizing IVR Services776
Advanced Configuration795
- Global Configuration795
- VRF-Aware SIP796
- Batch Configuration797
States and Statistics812
- Line States812
  - Displaying Detailed Information about Analog Voice Subscriber Lines813
  - Displaying Detailed Information about Digital Voice Subscriber Lines813
- Call Statistics814
  - Displaying Active Call Summary815
  - Displaying History Call Summary815
- SIP UA States816
  - Displaying TCP Connection Information816
  - Displaying TLS Connection Information816
- Connection Status817
  - Displaying Number Register Status817
  - Displaying Number Subscription Status818
- Local Survival Service States818
- SIP Trunk Account States819
  - Displaying SIP Trunk Account States819
  - Displaying Dynamic Contact States820
- Server Group Information820
- IVR Information821
  - Displaying IVR Call States821
  - Displaying IVR Play States821
Document Conventions and Icons823
- Conventions823
- Command Conventions823
- Network Topology Icons824
Support and Other Resources825
- Accessing Hewlett Packard Enterprise Support825
- Accessing Updates825
Index828

Brand	HPE
Model	FlexNetwork MSR Series
Category	Network Router
Language	English

HPE FlexNetwork MSR Series User Manual

Table of Contents

Other manuals for HPE FlexNetwork MSR Series

Questions and Answers:

HPE FlexNetwork MSR Series Specifications

Related product manuals