IP address in blacklist

D4nielD4niel Member
in Harmony Controller

Hi community,

How could I clean up the ip addresses from the nat-pool which are in blacklists?

I have issues with some users who can not open an specific url when they connect from FTTH home connection

Is there a process I can follow up?

Thanks

Tagged:

Comments

  • mdunnmdunn Member ✭✭✭

    You can temporarily exclude the IP from the NAT pool until it has been removed from the blacklists. After configuring the exclusion, the subscribers should migrate their connections to a different address in the pool:

    cgn-1(config)#cgn nat pool LSN_Pool_1 exclude-ip 100.64.10.10

    Exclusions can also be configured in the GUI under CGN > LSN > LSN Pools > LSN_Pool_1

  • D4nielD4niel Member

    Thanks for the feedback,

    I understand that the IPs will be removed from the blacklist after some time.

    I have the whole nat-pool in blacklist.

    What the ISP can do in such a situation?

  • dquinndquinn Member

    Clear DDoS Entries
    Use the clear commands to delete L3 and L4 DDoS entries. The clear command provides options to
    selectively remove some entries or all DDoS statistics can be cleared entirely.


    L3 DDoS entries can be cleared based on a NAT IP netmask or NAT Pool. L4 DDoS entries can be
    cleared based on a NAT IP netmask, port, protocol, or based on NAT pool.


    CLI Configuration
    To clear NAT IP disabled by BGP advertisement, enter the following command at the global configuration
    level:
    ACOS(config)# clear cgnv6 ddos-protection disabled-ip-by-bgp {all | ip-address ipaddr netmask
    netmask}


    To clear L3 DDoS entries, enter the following command at the global configuration level:
    ACOS(config)# clear cgnv6 ddos-protection ip-entries {all | ip-address ipaddr netmask netmask
    | nat-pool name}


    To clear L4 DDoS entries, enter the following command at the global configuration level:
    ACOS(config)# clear cgnv6 ddos-protection l4-entries {all | address ipaddr netmask netmask
    | l4-proto num | nat-pool name | port num}


    For clearing L4 entries, a combination of NAT address, port, and protocol can be specified together, in
    any order. If one filter is already specified, the others are optional. Clearing L4 port entries will only clear
    TCP and UDP traffic for those ports.


    To clear all DDoS statistics, enter the following command at the global configuration level:
    ACOS(config)# clear cgnv6 ddos-protection statistics

  • D4nielD4niel Member

    Thanks dquinn,

    If I clear the DDoS Entries, this is going to have any impact in the environment production?

Sign In or Register to comment.