怎样查询网站的点击量,绵阳做seo网站公司,广州网页制作设计营销,自己做网站怎么别人怎么浏览配置入侵防御示例 组网图形 图1 入侵防御组网图 组网需求配置思路操作步骤中心AP的配置文件 组网需求 如图1所示#xff0c;某企业部署了WLAN网络#xff0c;内网用户可以访问Internet的Web服务器。现需要在中心AP上配置入侵防御功能#xff0c;具体要求如下#xff1a; 保… 配置入侵防御示例 组网图形 图1 入侵防御组网图 组网需求配置思路操作步骤中心AP的配置文件 组网需求 如图1所示某企业部署了WLAN网络内网用户可以访问Internet的Web服务器。现需要在中心AP上配置入侵防御功能具体要求如下 保护内网用户避免内网用户访问Internet的Web服务器时受到攻击。例如含有恶意代码的网站对内网用户发起攻击。 配置思路 配置WLAN基本业务。配置入侵防御模板“profile_ips_pc”保护内网用户。通过配置签名过滤器来满足安全需要。创建攻击防御模板“defence_1”并引用入侵防御模板“profile_ips_pc”保护内网用户免受来自Internet的攻击。配置WLAN业务VAP引用攻击防御模板使入侵防御功能生效。 操作步骤 配置WLAN基本业务具体配置步骤请参照配置敏捷分布式WLAN组网示例。使能安全引擎。 span stylebackground-color:#dddddd[AP] strongdefence engine enable/strong
/span 创建入侵防御模板“profile_ips_pc”保护内网用户。 span stylebackground-color:#dddddd[AP] strongprofile type ips name profile_ips_pc/strong
[AP-profile-ips-profile_ips_pc] strongdescription profile for intranet users/strong
[AP-profile-ips-profile_ips_pc] strongcollect-attack-evidence enable/strong
Warning: Succeeded in configuring attack evidence collection for the IPS functio
n. The function is used for fault locating. This function may deteriorate systemperformance. Exercise caution before using the function.
Attack evidences can be collected only when a log storage device with sufficientstorage space is available.
After all required attack evidences are collected, disable the function.
Our company alone is unable to transfer or process the communication contents orpersonal data. You are advised to enable the related functions based on the ap
plicable laws and regulations in terms of purpose and scope of usage. When the c
ommunication contents or personal data are being transferred or processed, you
are obliged to take considerable measures to ensure that these contents are full
y protected. Continue? [Y/N]: strongy/strong
[AP-profile-ips-profile_ips_pc] strongsignature-set name filter1/strong
[AP-profile-ips-profile_ips_pc-sigset-filter1] strongtarget client/strong
[AP-profile-ips-profile_ips_pc-sigset-filter1] strongseverity high/strong
[AP-profile-ips-profile_ips_pc-sigset-filter1] strongprotocol HTTP/strong
[AP-profile-ips-profile_ips_pc-sigset-filter1] strongquit/strong
[AP-profile-ips-profile_ips_pc] strongquit/strong
/span 提交配置。 span stylebackground-color:#dddddd[AP] strongengine configuration commit/strong
/span 创建攻击防御模板“defence_1”引用入侵防御模板“profile_ips_pc”。 span stylebackground-color:#dddddd[AP] strongdefence-profile name defence_1/strong
[AP-defence-profile-defence_1] strongprofile type ips profile_ips_pc/strong
[AP-defence-profile-defence_1] strongquit/strong
/span 在VAP模板上引用攻击防御模板“defence_1”。 span stylebackground-color:#dddddd[AP] strongwlan/strong
[AP-wlan-view] strongvap-profile name wlan-vap/strong
[AP-wlan-vap-prof-wlan-vap] strongdefence-profile defence_1/strong
[AP-wlan-vap-prof-wlan-vap] strongquit/strong
/span 验证配置结果。 在中心AP上执行命令display profile type ips name profile_ips_pc查看入侵防御配置文件的配置信息。 span stylebackground-color:#dddddd[AP-wlan-view] strongdisplay profile type ips name profile_ips_pc/strongIPS Profile Configurations: ---------------------------------------------------------------------- Name : profile_ips_pc Description : profile for intranet users Referenced : 1 State : committed AttackEvidenceCollection : enable SignatureSet : filter1 Target : client Severity : high OS : N/A Protocol : HTTP Category : N/A Action : default Application : N/A Exception: ID Action Name ---------------------------------------------------------------------- DNS Protocol Check: HTTP Protocol Check: ---------------------------------------------------------------------- /span 中心AP的配置文件 span stylebackground-color:#dddddd#defence engine enablesysname AP
#
profile type ips name profile_ips_pc description profile for intranet users collect-attack-evidence enable signature-set name filter1 target client severity high protocol HTTP
#
vlan batch 100 to 101
#
dhcp enable
#
defence-profile name defence_1 profile type ips profile_ips_pc
#
interface Vlanif100ip address 10.23.100.1 255.255.255.0dhcp select interface
#
interface Vlanif101ip address 10.23.101.1 255.255.255.0dhcp select interface
#
interface GigabitEthernet0/0/1port link-type trunkport trunk pvid vlan 100port trunk allow-pass vlan 100 to 101
#
interface GigabitEthernet0/0/24port link-type trunkport trunk allow-pass vlan 101
#
management-vlan 100
#
wlansecurity-profile name wlan-securitysecurity wpa2 psk pass-phrase %^%#mtz0f~7.[^6RWdzwCy16hJj/Mc!,}sX*B]}A%^%# aesssid-profile name wlan-ssidssid wlan-netvap-profile name wlan-vapservice-vlan vlan-id 101ssid-profile wlan-ssidsecurity-profile wlan-securitydefence-profile defence_1regulatory-domain-profile name domain1ap-group name ap-group1regulatory-domain-profile domain1radio 0vap-profile wlan-vap wlan 1radio 1vap-profile wlan-vap wlan 1ap-id 1 type-id 19 ap-mac 60de-4476-e360 ap-sn 210235554710CB000042ap-name area_1ap-group ap-group1radio 0channel 20mhz 6eirp 127radio 1channel 20mhz 149eirp 127
#
return/span 父主题 配置举例 版权所有 © 华为技术有限公司
