[x]

Attack detection and prevention configuration examples > Address object group whitelist configuration example

 

 Next

Address object group whitelist configuration example

Network requirements

As shown in Figure 192, configure the address object group whitelist feature on the router to allow all packets from subnet 5.5.5.0/24 to pass through.

Figure 187: Network diagram

Configuration procedure

# Configure IP addresses for the interfaces on the router. (Details not shown.)

# Enable the global whitelist feature.

<Router> system-view
[Router] whitelist global enable

# Create IPv4 address object group obj1. Configure an IPv4 address object with subnet 5.5.5.0/24.

[Router] object-group ip address obj1
[Router-obj-grp-ip-obj1] network subnet 5.5.5.0 24
[Router] quit

# Add IPv4 address object group obj1 to the whitelist.

[Router] whitelist object-group obj1

Verifying the configuration

# Verify that the router allows all packets from subnet 5.5.5.0/24 to pass through unless you execute the undo whitelist object-group obj1 command on the router. (Details not shown.)

prev

 

up

 next

Address object group blacklist configuration example 

home

 Interface-based TCP client verification configuration example

© Copyright 2017 Hewlett Packard Enterprise Development LP