Configuring Tcp Intercept; Configuring Mac Address-Based Traffic Blocking; Configuring Unicast Reverse Path Forwarding Check; Understanding Pfc3 Unicast Rpf Check Support - Cisco 7604 Configuration Manual
Ios software configuration guide
Hide thumbs
Also See for 7604:
- Configuration manual (742 pages) ,
- Installation manual (324 pages) ,
- User manual (98 pages)
Table of Contents
Advertisement
Configuring MAC Address-Based Traffic Blocking
Configuring MAC Address-Based Traffic Blocking
To block all traffic to or from a MAC address in a specified VLAN, perform this task:
Command
Router(config)# mac-address-table static mac_address
vlan vlan_ID drop
Router(config)# no mac-address-table static
mac_address vlan vlan_ID
This example shows how to block all traffic to or from MAC address 0050.3e8d.6400 in VLAN 12:
Router# configure terminal
Router(config)# mac-address-table static 0050.3e8d.6400 vlan 12 drop
Configuring TCP Intercept
TCP intercept flows are processed in hardware.
For configuration procedures, refer to the Cisco IOS Security Configuration Guide, Release 12.2,
"Traffic Filtering and Firewalls," "Configuring TCP Intercept (Preventing Denial-of-Service Attacks),"
at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfdenl.html
Configuring Unicast Reverse Path Forwarding Check
These sections describe configuring Cisco IOS Unicast Reverse Path Forwarding check (Unicast RPF
check):
•
•
•
•
Understanding PFC3 Unicast RPF Check Support
For a complete explanation of how Unicast RPF check works, refer to the Cisco IOS Security
Configuration Guide, Release 12.2, "Other Security Features," "Configuring Unicast Reverse Path
Forwarding" at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfrpf.html
The PFC3 provides hardware support for RPF check of traffic from multiple interfaces.
With strict-method Unicast RPF check, the PFC3 supports two parallel paths for all prefixes in the
routing table, and up to four parallel paths for prefixes reached through any of four user-configurable
RPF interface groups (each interface group can contain four interfaces).
Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX
33-2
Understanding PFC3 Unicast RPF Check Support, page 33-2
Understanding PFC2 Unicast RPF Check Support, page 33-3
Unicast RPF Check Guidelines and Restrictions, page 33-3
Configuring Unicast RPF Check, page 33-3
Purpose
Blocks all traffic to or from the configured MAC address in
the specified VLAN.
Clears MAC address-based blocking.
Chapter 33
Configuring Network Security
OL-4266-08
- Quick Links:
- Supported Hardware and Software
Hide quick links:
Advertisement
Chapters
Table of Contents
