Quidway S6500 Series Switch anti-virus configuration Template

Nowadays, network viruses are rampant, which brings great risks to the normal application of the network. The following is a template for anti-virus configuration of the Quidway S6500 series switches, which is for your reference only:

acl name anti_worm advanced rule 0 deny udp destination-port eq tftp   rule 1 deny tcp destination-port eq 135 rule 2 deny udp destination-port eq 135 rule 3 deny udp destination-port eq 137 rule 4 deny udp destination-port eq 138 rule 5 deny tcp destination-port eq 139 rule 6 deny udp destination-port eq netbios-ssn rule 7 deny tcp destination-port eq 445 rule 8 deny udp destination-port eq 445 rule 9 deny tcp destination-port eq 539 rule 10 deny udp destination-port eq 539 rule 11 deny tcp destination-port eq 593 rule 12 deny udp destination-port eq 593 rule 13 deny udp destination-port eq 1434 rule 14 deny tcp destination-port eq 4444 acl name anti_icmp advanced rule 0 deny icmp The above rules are globally distributed on the chip in the not-carefor-interface mode, for example: int e1/0/1 packet-filter inbound ip-group anti_worm not-care-for-interface packet-filter inbound ip-group anti_icmp not-care-for-interface int e2/0/1 packet-filter inbound ip-group anti_worm not-care-for-interface packet-filter inbound ip-group anti_icmp not-care-for-interface int e2/0/48 packet-filter inbound ip-group anti_worm not-care-for-interface packet-filter inbound ip-group anti_icmp not-care-for-interface

Note:

1. The not-carefor-interface parameter indicates that the rule is distributed throughout the chip, not just on this port. For an FT48 board, one chip has two chips, the first 24 ports are one chip, and the last 24 ports are one chip. The rules for sending this parameter to any port of the chip take effect on the whole chip.

2. Another board is a chip.

Related Articles]

• DHCP configuration of Huawei 8016 vswitch
  

• Huawei switch port image Configuration
  

• SNMP configuration command a of the Huawei Switch