11-Security Command Reference

09-Blacklist Commands

blacklist enable

Syntax

blacklist enable

undo blacklist enable

View

System view

Default level

2: System level

Parameters

None

Description

Use the blacklist enable command to enable the blacklist function.

Use the undo blacklist enable command to restore the default.

By default, the blacklist function is disabled.

After the blacklist function is enabled, you can add blacklist entries manually.

Examples

# Enable the blacklist function.

<Sysname> system-view

[Sysname] blacklist enable

blacklist ip

Syntax

blacklist ip source-ip-address [ timeout minutes ]

undo blacklist { all | ip source-ip-address [ timeout ] }

View

System view

Default level

2: System level

Parameters

source-ip-address: IP address to be added to the blacklist, used to match the source IP address of packets. This IP address cannot be a broadcast address, 127.0.0.0/8, a class D address, or a class E address.

all: Specifies all blacklist entries.

timeout minutes: Specifies an aging time for the blacklist entry. minutes indicates the aging time and ranges from 1 to 1000, in minutes. If you do not specify the aging time, the blacklist entry will never get aged and thus always exist unless you delete it manually.

Description

Use the blacklist ip command to add a blacklist entry. After an IP address is added to the blacklist, the switch will filter all packets from it.

Use the undo blacklist command to delete one or all blacklist entries, or cancel the aging time configuration of a blacklist entry. You can use the undo blacklist ip source-ip-address timeout command to cancel the aging time specified for a manually added blacklist entry. After the configuration, this blacklist entry will never get aged.

All blacklist entries can take effect only when the blacklist function is enabled.

You can modify the aging time of an existing blacklist entry, and the modification will take effect immediately.

Related commands: blacklist enable and display blacklist.

Examples

# Add IP address 192.168.1.2 to the blacklist and configure its aging time as 20 minutes.

<Sysname> system-view

[Sysname] blacklist ip 192.168.1.2 timeout 20

command), the switch considers the IP address a scanning attack source and drops subsequent packets from the IP address until it finds that the rate is less than the threshold.

Related commands: defense scan add-to-blacklist, defense scan blacklist-timeout, defense scan max-rate, and blacklist enable.

Examples

# Enable scanning attack protection.

<Sysname> system-view

[Sysname] attack-defense policy 1

[Sysname-attack-defense-policy-1] defense scan enable

display blacklist

Syntax

On a switch working in standalone mode:

display blacklist { all | ip source-ip-address [ slot slot-number ] | slot slot-number } [ | { begin | exclude | include } regular-expression ]

On a switch working in IRF mode:

display blacklist { all | chassis chassis-number slot slot-number | ip source-ip-address [ chassis chassis-number slot slot-number ] } [ | { begin | exclude | include } regular-expression ]

View

Any view

Default level

1: Monitor level

Parameters

all: Displays information about all blacklist entries.

ip source-ip-address: Displays information about the blacklist entry for an IP address. source-ip-address indicates the IP address, which cannot be a broadcast address, 127.0.0.0/8, a class D address, or a class E address.

slot slot-number: Displays information about the blacklist entries for the card in a slot. (On a switch working in standalone mode)

chassis chassis-number slot slot-number: Displays information about the blacklist entries for a card in a certain IRF member switch. The chassis-number argument refers to the ID of the IRF member switch, and the slot-number argument refers to the number of the slot where the card resides. For the IRF member ID of a switch, use the display device command. (On a switch working in IRF mode)

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays the lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Description

Use the display blacklist command to display information about one or all blacklist entries.

Related commands: blacklist enable and blacklist ip.

Examples

# Display information about all blacklist entries.

<Sysname> display blacklist all

                    Blacklist information

------------------------------------------------------------------------------

Blacklist                               : enabled

Blacklist items                         : 1

------------------------------------------------------------------------------

IP              Type   Aging started       Aging finished      Dropped packets

                       YYYY/MM/DD hh:mm:ss YYYY/MM/DD hh:mm:ss

2.2.1.2         manual 2008/08/27 19:15:39 Never               0

1.1.1.3         manual 2008/09/02 06:13:20 2008/09/02 07:54:47 4294967295

--------------------------------------------------------------------------

Table 1 Output description

Field              Description
-----------------  --------------------------------------------------------------------------
Blacklist          Indicates whether the blacklist function is enabled
Blacklist items    Number of blacklist entries
IP                 IP address of the blacklist entry
Type               Type of the blacklist entry. It can be manual, which means the entry was added manually.
Aging started      Time when the blacklist entry was added
Aging finished     Time when the aging time of the blacklist entry expires. Never means that the entry will never get aged.
Dropped packets    Number of packets from the IP address that have been dropped
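As an added example (not part of the H3C reference), the following Python parser reads the display blacklist all output format documented above and flags what an operator reviewing the blacklist would want to see: a disabled blacklist function (entries then filter nothing), permanent entries that were added without a timeout, and drop counters that have hit 4294967295, which is 2^32 - 1 and is assumed here to be a saturated 32-bit counter rather than a true count. The sample output is constructed in the shape shown on this page.

```python
import re
from datetime import datetime
# Constructed sample in the shape of the 'display blacklist all' output shown on this page.
SAMPLE = """\
                    Blacklist information
------------------------------------------------------------------------------
Blacklist                               : enabled
Blacklist items                         : 2
------------------------------------------------------------------------------
IP              Type   Aging started       Aging finished      Dropped packets
                       YYYY/MM/DD hh:mm:ss YYYY/MM/DD hh:mm:ss
2.2.1.2         manual 2008/08/27 19:15:39 Never               0
1.1.1.3         manual 2008/09/02 06:13:20 2008/09/02 07:54:47 4294967295
--------------------------------------------------------------------------
"""
TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}"
ENTRY = re.compile(rf"^(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<type>\S+)\s+"
                   rf"(?P<started>{TS})\s+(?P<finished>{TS}|Never)\s+(?P<dropped>\d+)\s*$")
# 4294967295 in the sample is 2**32 - 1; assumed here to be a saturated 32-bit counter.
COUNTER_MAX = 2**32 - 1

def parse_blacklist(text):
    """Return (enabled, entries) parsed from 'display blacklist all' output."""
    enabled, entries = None, []
    for line in text.splitlines():
        head = re.match(r"^Blacklist\s+:\s+(enabled|disabled)", line)
        if head:
            enabled = head.group(1) == "enabled"
            continue
        m = ENTRY.match(line)
        if not m:
            continue  # title line, rulers and column headers carry no entry
        fmt = "%Y/%m/%d %H:%M:%S"
        entries.append({
            "ip": m["ip"], "type": m["type"],
            "started": datetime.strptime(m["started"], fmt),
            "finished": None if m["finished"] == "Never" else datetime.strptime(m["finished"], fmt),
            "dropped": int(m["dropped"]),
        })
    return enabled, entries

def review(text):
    # Findings an operator should act on: disabled function, permanent entries, saturated counters.
    enabled, entries = parse_blacklist(text)
    findings = [] if enabled else ["blacklist function disabled: entries are not filtering"]
    for e in entries:
        if e["finished"] is None:
            findings.append(f"{e['ip']}: permanent entry (no timeout), confirm it is still wanted")
        if e["dropped"] >= COUNTER_MAX:
            findings.append(f"{e['ip']}: drop counter at 32-bit maximum, true count unknown")
    return findings
```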
