Dos Protection Configuration Guidelines And Restrictions - Cisco 7604 Configuration Manual
Ios software configuration guide
Hide thumbs
Also See for 7604:
- Configuration manual (742 pages) ,
- Installation manual (324 pages) ,
- User manual (98 pages)
Table of Contents
Advertisement
DoS Protection Configuration Guidelines and Restrictions
Table 36-3 PFC3 Hardware-based Rate Limiter Default Setting
Rate Limiter
Ingress/Egress ACL Bridged
Packets
RPF Failures
FIB Receive cases
FIB Glean Cases
Layer 3 Security features
ICMP Redirect
ICMP Unreachable
VACL Log
TTL Failure
MTU Failure
Layer 2 PDU
Layer 2 Protocol Tunneling
IP Errors
Multicast IGMP
Multicast FIB-Miss
Multicast Partial-SC
Multicast Directly Connected
Multicast Non-RPF
Multicast IPv6
DoS Protection Configuration Guidelines and Restrictions
The section contains these configuration guidelines and restrictions:
•
•
PFC2
When configuring DoS protection on systems configured with a PFC2, follow these guidelines and
restrictions:
•
Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX
36-22
PFC2, page 36-22
PFC3, page 36-23
When using security ACLs to drop DoS packets, note the following information:
The security ACL must specify the traffic flow to be dropped.
–
Security ACLs need to be configured on all external interfaces that require protection. Use the
–
interface range command to configure a security ACL on multiple interfaces.
Chapter 36
Default Status (ON/OFF)
OFF
ON
OFF
OFF
OFF
OFF
ON
ON
OFF
OFF
OFF
OFF
ON
OFF
ON
ON
OFF
OFF
ON
Configuring Denial of Service Protection
Default Value
100 pps, burst of 10 packets
100 pps, burst of 10 packets
2000 pps, burst of 10 packets
100 pps, burst of 10 packets
100000 pps, burst of 100 packets
100000 pps, burst of 100 packets
If the packets-in-burst is not set, a
default of 100 is programmed for
multicast cases.
OL-4266-08
- Quick Links:
- Supported Hardware and Software
Hide quick links:
Advertisement
Chapters
Table of Contents
