Configuring Denial of Service Protection
This chapter contains information on how to protect your Catalyst 6500 series switch against Denial of
Service (DoS) attacks. The information covered in this chapter is unique to the Catalyst 6500 series
switches, and it supplements the network security information and procedures in the
Network Security"
in these publications:
•
Cisco IOS Security Configuration Guide, Release 12.2, at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/fsecur_c.html
Cisco IOS Security Command Reference, Release 12.2, at this URL
•
http://www.cisco.com/en/US/docs/ios/12_2/security/command/reference/fsecur_r.html
For complete syntax and usage information for the commands used in this chapter, refer to these
Note
publications:
The Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at
•
this URL:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdr
ef.html
•
The Release 12.2 publications at this URL:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_installation_and_configuratio
n_guides_list.html
This chapter consists of these sections:
Understanding How DoS Protection Works, page 33-2
•
•
DoS Protection Default Configuration, page 33-13
•
DoS Protection Configuration Guidelines and Restrictions, page 33-14
Understanding How Control Plane Policing Works, page 33-18
•
CoPP Default Configuration, page 33-19
•
CoPP Configuration Guidelines and Restrictions, page 33-19
•
Configuring CoPP, page 33-20
•
Monitoring CoPP, page 33-21
•
Defining Traffic Classification, page 33-22
•
OL-11439-03
chapter in this publication as well as the network security information and procedures
Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY
33
C H A P T E R
"Configuring
33-1