Table of Contents
Advertisement
Syntax of the "no" Form
Threshold logging is disabled with the no form of this command:
no access-list log-update-threshold
Mode
Global configuration:
Default
Disabled
Example
The following example enables alarm logging for ACL 101 and sets the log threshold at 10000:
XSR(config)#access-list 101 deny ip 15.15.15.1 0.0.0.255 16.16.16.1 0.0.0.255 log
XSR(config)#access-list log-update-threshold 10000
hostdos
This command enables host security protection against various DoS attacks via source IP address
validation.
Syntax
hostdos {land | fragmicmp | largeicmp [size] | checkspoof}
land
fragmicmp
largeicmp
size
checkspoof
Syntax of the "no" Form
The no form disables the specified security feature:
no hostdos {land | fragmicmp | largeicmp [size] | checkspoof}
Mode
Global configuration:
Defaults
•
Disabled
•
Size: 1024
XSR(config)#
Note: Performing source address validation can improve security in some situations but can
erroneously discard valid packets in situations where inbound and outbound paths differ and will
negatively impact some routing protocols.
Enables land attack protection.
Enables fragmented ICMP packets protection.
Enables large ICMP packets protection.
Packet size above which protection starts, ranging from 1 to 65535.
Enables spoofed address checking.
XSR(config)#
General Security Commands
XSR CLI Reference Guide 16-89
Advertisement
Table of Contents
