Table of Contents
Advertisement
RUGGEDCOM ROX II
CLI User Guide
Section 6.5
Enabling/Disabling SYN Cookies
RUGGEDCOM ROX II can be configured to transmit SYN cookies when the SYN backlog queue of a socket begins to
overflow. This is a technique used to resist SYN flood attacks.
To enable or disable the transmission of SYN cookies, do the following:
1.
Make sure the CLI is in Configuration mode.
2.
Enable SYN cookies by typing:
admin system tcp-syn-cookies
Disable SYN cookies by typing:
no admin system tcp-syn-cookies
Type commit and press Enter to save the changes, or type revert and press Enter to abort.
3.
Section 6.6
Managing Port Security
Port security (or Port Access Control) provides the ability to authenticate access through individual ports, either
through IEEE 802.1x authentication, static MAC address-based authorization, or both.
Using IEEE 802.1x authentication, RUGGEDCOM ROX II authenticates a source device against a remote RADIUS
authentication server. Access is granted if the source device provides the proper credentials.
Using static MAC address-based authorization, RUGGEDCOM ROX II authenticates the source device based on its
MAC address. Access is granted if the MAC address appears on the Static MAC Address table.
NOTE
RUGGEDCOM ROX II only supports the authentication of one host per port that has the port security
mode set to 802.1x or 802.1x/MAC-Auth.
NOTE
RUGGEDCOM ROX II supports both PEAP and EAP-MD5. PEAP is more secure and is recommended over
EAP-MD5.
IMPORTANT!
Do not apply port security on core switch connections. Port security is applied at the end of the network
to restrict admission to specific devices.
CONTENTS
•
Section 6.6.1, "Port Security Concepts"
•
Section 6.6.2, "Configuring Port Security"
•
Section 6.6.3, "Viewing the Security Status of Switched Ethernet Ports"
Enabling/Disabling SYN Cookies
Chapter 6
Security
129
Hide quick links:
Advertisement
Chapters
Table of Contents
