Table of Contents
Advertisement
Denial of Service (DoS) Commands
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
If mask is not specified, it defaults to 255.255.255.255.
If prefix-length is not specified, it defaults to 32.
Command Mode
Interface (Ethernet, Port Channel) Configuration mode
User Guidelines
For this command to work,
both globally and for interfaces.
This command discards ICMP packets with "ICMP type= Echo request" that
ingress the specified interface.
Example
The following example attempts to discard echo requests from an interface.
switchxxxxxx(config)#
switchxxxxxx(config)#
switchxxxxxx(config-if)#
To perform this command, DoS Prevention must be enabled in the per-interface mode.
10.3 security-suite deny martian-addresses
To deny packets containing system-reserved IP addresses or user-defined IP
addresses, use the security-suite deny martian-addresses Global Configuration
mode command.
To restore the default, use the no form of this command.
Syntax
security-suite deny martian-addresses
remove {ip-address {mask | /prefix-length}}
addresses)
security-suite deny martian-addresses
system-reserved IP addresses, see tables below)
no security-suite deny martian-addresses (This command removes addresses
reserved by security-suite deny martian-addresses
show security-suite configuration
security-suite enable global-rules-only
interface gi11
security-suite deny icmp add any /32
{add {ip-address {mask | /prefix-length}} |
reserved {add | remove} (
must be enabled
(
Add/remove user-specified IP
Add/remove
{add {ip-address {mask |
10
266
Advertisement
Table of Contents
