User blacklist configuration example
Network requirements
As shown in Figure 190, configure the user blacklist feature on the router to block packets from the user User C for 50 minutes. The IP address of User C is 1.2.3.4 and the MAC address of User C is 0001-0001-0001.
Figure 185: Network diagram
Configuration procedure
Configure IP addresses for the interfaces on the router. (Details not shown.)
Configure user identification:
# Add a network access user named userc.
<Router> system-view [Router] local-user userc class network [Router-luser-network-userc] quit
# Configure a static identity user with the username userc, IP address 1.2.3.4, and MAC address 0001-0001-0001.
[Router] user-identity static-user userc bind ipv4 1.2.3.4 mac 0001-0001-0001
# Enable user identification.
[Router] user-identity enable
Configure the user blacklist feature:
# Enable the global blacklist feature.
[Router] blacklist global enable
# Add a user blacklist entry for the user userc and set the blacklist entry aging time to 50 minutes.
[Router] blacklist user userc timeout 50
Verifying the configuration
# Verify that the user blacklist entry is successfully added.
[Router] display blacklist user User name Type TTL(sec) Dropped userc Manual 2987 0
# Verify that the router drops packets from User C for 50 minutes and forwards packets from User C after 50 minutes. (Details not shown.)