It is recommended to implement the separation of management and data/customer traffic in your Huawei Service Routers (e.g. NE40E Series). Traffic passing through the management plane should be exclusively for management or administrative access purposes only like SSH, SNMP, NTP and AAA. These are the steps on hardening the security on Huawei Routers. Management instance can be configured using these commands: ip vpn-instance STRING<1-31> description TEXT<1-242> ipv4-family Here’s the recommended configuration or practices for these management services. Configure Authentication, Authorization…
Tag: <span>ACL</span>
SSH Configuration Examples in Huawei Router Here are the configuration examples: whereas: 192.168.100.100 = Jumphost IP (Allowed IP to SSH into the device) Enable the SSH service stelnet server enable 2. Configure key exchange algorithm ssh server key-exchange { dh_group_exchange_sha256 dh_group_exchange_sha1 ecdh_sha2_nistp256 ecdh_sha2_nistp384 ecdh_sha2_nistp521 sm2_kep} 3. Configure encryption algorithm ssh server cipher { aes256_ctr aes128_ctr aes256_cbc aes128_cbc 3des_cbc } 4. Configure HMAC algorithm ssh server hmac { md5 | md5_96 | sha1 | sha1_96 | sha2_256 | sha2_256_96 } 5.…
As mentioned from the previous post, Bogon prefixes or routes should never appear in the Internet routing table. Network Engineers should implement “Best Practices” in their network, that includes filtering of bogons as it maybe used in DDoS attacks or Spams. Refer to https://freenetworktutorials.com/ipv4-and-ipv6-bogon-address-list for more info. “Martians” bogons may changed occasionally so at least make sure private address mentioned in https://freenetworktutorials.com/ipv4-classful-and-reserved-addresses are filtered so it wont leak out into the Internet. Here is sample steps and configuration. 1. Create the Ingress…
Leave a Comment