User blacklist configuration example
Network requirements
As shown in Figure 126, configure the user blacklist feature on the device to block packets from User C for 50 minutes. The IP address of User C is 1.2.3.4 and the MAC address of User C is 0001-0001-0001.
Figure 125: Network diagram
Configuration procedure
Configure IP addresses for the interfaces on the device. (Details not shown.)
Configure user identification:
# Add a network access user named userc.
<Device> system-view [Device] local-user userc class network [Device-luser-network-userc] quit
# Configure a static identity user with username userc, IP address 1.2.3.4, and MAC address 0001-0001-0001.
[Device] user-identity static-user userc bind ipv4 1.2.3.4 mac 0001-0001-0001
# Enable user identification.
[Device] user-identity enable
Configure the user blacklist feature:
# Enable the global blacklist feature.
[Device] blacklist global enable
# Add a user blacklist entry for user userc and set the blacklist entry aging time to 50 minutes.
[Device] blacklist user userc timeout 50
Verifying the configuration
# Verify that the user blacklist entry is successfully added.
[Device] display blacklist user User name Type TTL(sec) Dropped userc Manual 2987 0
# Verify that the device drops packets from User C for 50 minutes and forwards packets from User C after 50 minutes. (Details not shown.)