Configuring the address object group whitelist
The address object group whitelist feature exempts packets sourced from the subnets specified in the whitelisted address object group from attack detection.
An address object group can be added to or deleted from the whitelist only manually.
The address object group whitelist feature must be used together with the address object group feature. For more information about address object groups, see "Configuring object groups."
The address object group whitelist is independent of the attack defense policy.
To configure the address object group whitelist:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. (Optional.) Enable the global whitelist feature. | whitelist global enable | By default, the global whitelist feature is disabled. |
3. Add an address object group to the whitelist. | whitelist object-group object-group-name | By default, no address object group is added to the whitelist. |
4. Enter interface view. | interface interface-type interface-number | N/A |
5. Enable the whitelist feature on the interface. | whitelist enable | By default, the whitelist feature is disabled on the interface. |
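
Because whitelisted subnets are exempt from attack detection, it is worth reviewing what a saved configuration actually whitelists. The following audit sketch is an added example, not vendor code. The `audit_whitelist` function, the `min_prefix` threshold, the sample configuration, and the `network subnet` member syntax with `#`-separated layout are assumptions; only the `whitelist` commands come from the table above.

```python
import ipaddress
import re

# Constructed sample config. The "network subnet" member syntax and the
# "#"-separated layout are assumptions, not taken from the page.
SAMPLE_CONFIG = """\
#
object-group ip address mgmt-hosts
 0 network subnet 192.0.2.0 255.255.255.192
#
object-group ip address partner-nets
 0 network subnet 10.0.0.0 255.0.0.0
 10 network subnet 198.51.100.0 255.255.255.0
#
interface GigabitEthernet1/0/1
 whitelist enable
#
 whitelist object-group partner-nets
 whitelist object-group missing-group
"""

def audit_whitelist(config, min_prefix=24):
    """Report where the whitelist is enabled and which whitelisted groups look risky."""
    groups, whitelisted, interfaces = {}, [], []
    global_on, section = False, ""
    for raw in config.splitlines():
        line = raw.strip()
        if raw and not raw[0].isspace():     # unindented line opens a new section
            section = line
        if line == "whitelist global enable":
            global_on = True
        elif line.startswith("whitelist object-group "):
            whitelisted.append(line.split()[-1])
        elif line == "whitelist enable" and section.startswith("interface "):
            interfaces.append(section.split()[1])
        elif line.startswith("object-group ip address "):
            groups[line.split()[-1]] = []
        m = re.search(r"network subnet (\S+) (\S+)$", line)
        if m and section.startswith("object-group ip address "):
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            groups[section.split()[-1]].append(net)
    findings = []
    for name in whitelisted:
        if name not in groups:               # whitelist entry with no matching group
            findings.append((name, None, "undefined object group"))
        for net in groups.get(name, []):
            if net.prefixlen < min_prefix:   # illustrative threshold, tune per site
                findings.append((name, str(net), "broad subnet"))
    return {"global": global_on, "interfaces": interfaces, "findings": findings}
```
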