Huawei SmartAX-MT880v3 Router Manual PDF (Setup & Configuration Guide)

Page 56 / 109 Scroll up to view Page 51 - 55

46

alternative routes, the one with the lowest hop count is

considered the fastest path.

4)

Select

Send Mode

and

Receive Mode

.

z

The

Send Mode

setting indicates the RIP version this

interface will use when it sends its route information to

other devices.

z

The

Receive Mode

setting indicates the RIP version(s) in

which information must be passed to the MT800 in order

for it to be accepted into its routing table.

5)

Click the

Add

button. The new RIP entry will display in the

table.

6)

Click the

Enable

radio button to enable the RIP feature.

±

Note:

z

RIP version 1 is the original RIP protocol. Select RIP1 if you have devices that

communicate with this interface that understand RIP version 1 only.

z

RIP version 2 is the preferred selection because it supports "classless" IP

addresses (which are used to create subnets) and other features. Select RIP2 if

all other routing devices on your LAN support this version of the protocol.

III.

Save

z

Click the

Submit

button to save the settings in the RAM.

z

To save these configuration changes permanently, enter

the

Save & Reboot

page, select

Save

and click

Submit

button to save new settings.

Page 57 / 109

47

4.12

Firewall Configuration

4.12.1

Configuration of Global Firewall

The Firewall enables you to protect the system against denial of

service (DoS) attacks and other types of malicious accesses to your

LAN. You can also specify how to monitor attempted attacks, and

who should be automatically notified.

Click the

Firewall

of

Advanced Function

in the Wizard Column

to set the RIP.

I.

Configuration page

Figure 4-23

Firewall configuration

Page 58 / 109

48

II.

Parameter explanation

Follow these instructions to configure global firewall settings.

Configure any of the following settings that display in the

Firewall Global Configuration

table:

z

Blacklist Status:

If you want the device to maintain and

use a black list, click

Enable

. Click

Disable

if you do not

want to maintain a list.

z

Blacklist Period(min):

Specifying the number of minutes

that a computer's IP address will remain on the black list

(i.e., all traffic originating from that computer will be

blocked from passing through any interface on the MT800).

For more information, see Managing the Black List below.

z

Attack Protection

: Click the

Enable

radio button to use

the built-in firewall protections that prevent the following

common types of attacks:

z

IP Spoofing

: Sending packets over the WAN

interface using an internal LAN IP address as the

source address.

z

Tear Drop

: Sending packets that contain overlapping

fragments.

z

Smurf and Fraggle

: Sending packets that use the

WAN or LAN IP broadcast address as the source

address.

z

Land Attack

: Sending packets that use the same

address as the source and destination address.

z

Ping of Death

: Illegal IP packet length.

z

DoS Protection

: Click the

Enable

radio button to use the

following denial of service protections: SYN DoS, ICMP

DoS, Per-host DoS protection.

Page 59 / 109

49

z

Max Half open TCP Connection

: Set the percentage of

concurrent IP sessions that can be in the half-open state.

In ordinary TCP communication, packets are in the

half-open state only briefly as a connection is being

initiated; the state changes to active when packets are

being exchanged, or closed when the exchange is

complete. TCP connections in the half-open state can use

up the available IP sessions. If the percentage is exceeded,

then the half-open sessions will be closed and replaced

with new sessions as they are initiated.

z

Max ICMP Connection

: Set the percentage of concurrent

IP sessions that can be used for ICMP messages. If the

percentage is exceeded, then older ICMP IP sessions will

be replaced by new sessions as they are initiated.

z

Max Single Host Connection

: Set the percentage of

concurrent IP session that can originate from a single

computer. This percentage should take into account the

number of hosts on the LAN.

III.

Save

z

Click the

Submit

button to save the settings in the RAM.

z

To save these configuration changes permanently, enter

the

Save & Reboot

page, select

Save

and click

Submit

button to save new settings.

4.12.2

Managing the Blacklist

If data packets are received that violate the firewall settings or

any of the IP Filter rules, then the source IP address of the offending

packets can be blocked from such accesses for a specified period of

time. The source computer remains on the black list for the period of

Page 60 / 109

50

time that you specify. You can enable or disable use of the black list

using the settings described above.

To view the list of currently blacklisted computers, click the

Black List

button at the bottom of the Firewall Configuration page.

The table displays the following information for each entry.

z

Host IP Address

: The IP address of the computer that

sent the packet(s) that caused the violation.

z

Reason

: A short description of the type of violation. If the

packet violated an IP Filter rule, the custom text from the

Log Tag field will display.

z

IPF Rule ID

: If the packet violated an IP Filter rule, this field

will display the ID assigned to the rule.

4.13

IP Filter Configuration

The IP filter feature enables you to create rules that control the

forwarding of incoming and outgoing data between your LAN and the

Internet and within your LAN.

4.13.1

IP Filter Global Settings

The IP Filter Configuration page displays global settings that

you can modify. And the IP Filter rule table shows all currently

established rules.

Click the

IP Filter

of

Advanced Function

in the Wizard Column

to set the IP filter.

Rate

Popular Huawei Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share