The S5700 needs to block the ransomware ports on the LAN switch. How do I implement this? Specific operation steps and configuration examples?

Latest reply: Dec 29, 2018 02:33:11

1. Configure an advanced ACL

# Configure the security policy for the port ban in the ACL.

<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] acl 3001
[Switch-acl-adv-3001] rule deny tcp destination-port eq 135 // block the epmap (RPC endpoint mapper) port
[Switch-acl-adv-3001] rule deny udp destination-port eq 135
[Switch-acl-adv-3001] rule deny tcp destination-port eq 137
[Switch-acl-adv-3001] rule deny udp destination-port eq 137 // block the netbios-ns port
[Switch-acl-adv-3001] rule deny tcp destination-port eq 138
[Switch-acl-adv-3001] rule deny udp destination-port eq 138 // block the netbios-dgm port
[Switch-acl-adv-3001] rule deny tcp destination-port eq 139
[Switch-acl-adv-3001] rule deny udp destination-port eq 139 // block the netbios-ssn port
[Switch-acl-adv-3001] rule deny tcp destination-port eq 445 // block the microsoft-ds (SMB) port
[Switch-acl-adv-3001] rule deny udp destination-port eq 445
[Switch-acl-adv-3001] rule permit ip // all other traffic is still permitted
[Switch-acl-adv-3001] quit



2. Configure ACL-based traffic classification

# Configure the traffic classifier tc1 to classify packets matching ACL 3001.

[Switch] traffic classifier tc1
[Switch-classifier-tc1] if-match acl 3001
[Switch-classifier-tc1] quit



3. Configure the traffic behavior

# Configure the traffic behavior tb1; its action is to deny the packet.

[Switch] traffic behavior tb1
[Switch-behavior-tb1] deny
[Switch-behavior-tb1] quit



4. Configure the traffic policy

# Configure the traffic policy tp1 to associate the traffic classifier tc1 with the traffic behavior tb1.

[Switch] traffic policy tp1
[Switch-trafficpolicy-tp1] classifier tc1 behavior tb1
[Switch-trafficpolicy-tp1] quit



5. Apply the traffic policy to the port (uplink port or downlink port)

For example, the traffic policy tp1 is applied to the inbound direction of the downlink interface GE0/0/2.

[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] traffic-policy tp1 inbound
[Switch-GigabitEthernet0/0/2] quit



6. Verify the configuration results

# Display the configuration information of the ACL rules.

[Switch-acl-adv-3001] dis acl 3001
Advanced ACL 3001, 10 rules
Acl's step is 5
 Rule 5 deny tcp destination-port eq 135
 Rule 10 deny udp destination-port eq 135
 Rule 15 deny tcp destination-port eq 137
 Rule 20 deny udp destination-port eq netbios-ns
 Rule 25 deny tcp destination-port eq 138
 Rule 30 deny udp destination-port eq netbios-dgm
 Rule 35 deny tcp destination-port eq 139
 Rule 40 deny udp destination-port eq netbios-ssn
 Rule 45 deny tcp destination-port eq 445
 Rule 50 deny udp destination-port eq 445

# View the configuration information of the traffic classifier.

[Switch] display traffic classifier user-defined
   User Defined Classifier Information:
    Classifier: tc1
     Operator: OR
     Rule(s) : if-match acl 3001
Total classifier number is 1

# View the configuration information of the traffic policy.

[Switch] display traffic policy user-defined tp1
  User Defined Traffic Policy Information:
  Policy: tp1
   Classifier: tc1
    Operator: OR
     Behavior: tb1
      Deny

# View the application information of the traffic policy.

[Switch] display traffic-policy applied-record
-------------------------------------------------
  Policy Name: tp1
  Policy Index: 0
     Classifier: tc1 Behavior: tb1
-------------------------------------------------
 *interface GigabitEthernet0/0/2
    Traffic-policy tp1 inbound
      Slot 0 : success
-------------------------------------------------
  Policy total applied times: 1.


Created Dec 24, 2018 01:44:17

Know how to block the ransomware ports on an S5700 LAN switch. This post was last edited by xiaomumu at 2018-12-27 02:47.
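Once the policy is applied, a quick way to confirm that the ACL on the switch still denies every port from step 1 is to parse the `display acl` dump rather than eyeball it, since VRP prints some ports by name (netbios-ns, netbios-dgm, netbios-ssn) as the output above shows. The checker below is an added example, not code from the post or from Huawei; it also flags a `permit` rule that sorts before the denies, and its sample input is constructed from the post's own `display acl 3001` output with the `rule permit ip` from step 1 appended as rule 55.

```python
import re

# Symbolic names VRP prints for some ports in 'display acl' output (the three
# seen in the post's own output), mapped back to numbers; 135/445 stay numeric.
PORT_NAMES = {"netbios-ns": 137, "netbios-dgm": 138, "netbios-ssn": 139}
EXPECTED_PORTS = (135, 137, 138, 139, 445)  # ports the post's ACL 3001 denies, tcp and udp
RULE_RE = re.compile(r"^\s*rule\s+(\d+)\s+(deny|permit)\s+(tcp|udp|ip)\b(.*)$", re.I)
PORT_RE = re.compile(r"destination-port\s+eq\s+(\S+)", re.I)

def parse_rules(output):
    """Return [(rule_id, action, proto, dst_port)] from 'display acl' text;
    dst_port is an int, None when absent, or the raw token if unknown."""
    rules = []
    for m in filter(None, map(RULE_RE.match, output.splitlines())):  # skips headers
        rid, action, proto, rest = m.groups()
        port, pm = None, PORT_RE.search(rest)
        if pm:
            tok = pm.group(1).lower()
            port = int(tok) if tok.isdigit() else PORT_NAMES.get(tok, tok)
        rules.append((int(rid), action.lower(), proto.lower(), port))
    return rules

def missing_denies(output, ports=EXPECTED_PORTS):
    """Sorted (proto, port) pairs that the dump does not deny."""
    denied = {(p, port) for _, act, p, port in parse_rules(output) if act == "deny"}
    return sorted({(p, port) for p in ("tcp", "udp") for port in ports} - denied)

def permit_shadows_denies(output):
    """True if a permit rule has a lower id than some deny rule: under the default
    config match order the first hit wins, so those denies would never fire."""
    rules = parse_rules(output)
    permits = [rid for rid, act, _, _ in rules if act == "permit"]
    denies = [rid for rid, act, _, _ in rules if act == "deny"]
    return bool(permits and denies) and min(permits) < max(denies)

# Constructed sample: the post's 'display acl 3001' output plus the
# 'rule permit ip' from step 1 (shown here as rule 55).
SAMPLE_ACL = """Advanced ACL 3001, 11 rules
Acl's step is 5
 rule 5 deny tcp destination-port eq 135
 rule 10 deny udp destination-port eq 135
 rule 15 deny tcp destination-port eq 137
 rule 20 deny udp destination-port eq netbios-ns
 rule 25 deny tcp destination-port eq 138
 rule 30 deny udp destination-port eq netbios-dgm
 rule 35 deny tcp destination-port eq 139
 rule 40 deny udp destination-port eq netbios-ssn
 rule 45 deny tcp destination-port eq 445
 rule 50 deny udp destination-port eq 445
 rule 55 permit ip"""
```

Feed it the real dump from `display acl 3001`; an empty list from `missing_denies` and `False` from `permit_shadows_denies` means the ACL matches step 1.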
Created Dec 24, 2018 17:09:58

No idea
Created Dec 26, 2018 03:38:11

According to the ransomware port and address, configure traffic-policy to deny it
Created Dec 26, 2018 08:58:31

View the configuration information of the traffic classifier
Created Dec 27, 2018 07:10:57

Thanks for sharing, it's very useful.
Created Dec 28, 2018 02:47:57

Full steps for the QoS configuration on the S5700. Very good.
Good Good Study Day Day Up
Created Dec 29, 2018 02:33:11

Hi author, maybe you should tell us directly which ports are used by ransomware; then we will find many ways to deny them.