Security-Suite Dos Syn-Attack - Cisco 300 Series Cli Manual

Stackable managed switches
switchxxxxxx(config)# security-suite dos protect add invasor-trojan

16.7 security-suite dos syn-attack

To rate limit Denial of Service (DoS) SYN attacks, use the security-suite dos
syn-attack Interface Configuration mode command. This provides partial blocking
of SYN packets (up to the rate that the user specifies).
To disable rate limiting, use the no form of this command.
Note: This feature is only supported when the device is in Layer 2 switch mode.
Syntax
security-suite dos syn-attack syn-rate {any | ip-address} {mask | prefix-length}
no security-suite dos syn-attack {any | ip-address} {mask | prefix-length}
Parameters
syn-rate—Specifies the maximum number of connections per second.
(Range: 199–1000)
any | ip-address—Specifies the destination IP address. Use any to specify
all IP addresses.
mask—Specifies the network mask of the destination IP address.
prefix-length—Specifies the number of bits that comprise the destination IP
address prefix. The prefix length must be preceded by a forward slash (/).
Default Configuration
No rate limit is configured.
If ip-address is unspecified, the default is 255.255.255.255.
If prefix-length is unspecified, the default is 32.
Command Mode
Interface (Ethernet, Port Channel) Configuration mode
User Guidelines
For this command to work, show security-suite configuration must be enabled
both globally and for interfaces.
OL-32830-01 Command Line Interface Reference Guide
Denial of Service (DoS) Commands
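The following Python sketch is an added example, not part of the Cisco manual: it checks saved syn-attack command lines against the syntax, range and defaults documented above. The names parse_syn_attack and audit are hypothetical, the sample lines are constructed, and it assumes the mask or /prefix-length is typed as a separate argument after the IP address.

```python
import ipaddress

CMD = "security-suite dos syn-attack"
RATE_MIN, RATE_MAX = 199, 1000  # syn-rate range from the Parameters section

def parse_syn_attack(line):
    """Parse one command line into (syn_rate, destination); destination is "any"
    or an ipaddress.IPv4Network. Raises ValueError on undocumented syntax."""
    words = line.split()
    if words[:3] != CMD.split():
        raise ValueError("not a syn-attack rate-limit command")
    args = words[3:]
    if not 2 <= len(args) <= 3:
        raise ValueError("expected: syn-rate {any | ip-address} [mask | /prefix-length]")
    rate, dest = args[0], args[1]
    if not rate.isdigit() or not RATE_MIN <= int(rate) <= RATE_MAX:
        raise ValueError(f"syn-rate {rate!r} is outside {RATE_MIN}-{RATE_MAX}")
    if dest == "any":
        return int(rate), "any"  # all destination addresses
    addr = ipaddress.IPv4Address(dest)  # ValueError on a malformed address
    # Documented default when no prefix length is given: 32 (a single host).
    suffix = args[2] if len(args) == 3 else "/32"
    if suffix.startswith("/"):
        suffix = suffix[1:]
    elif "." not in suffix:
        raise ValueError("prefix length must be preceded by a forward slash")
    # strict=False: host bits are allowed, the network is derived from the mask.
    return int(rate), ipaddress.IPv4Network(f"{addr}/{suffix}", strict=False)

def audit(config_text):
    """Return (line_number, result) for each syn-attack line; result is the
    parsed tuple, or the error text for a line that violates the syntax."""
    results = []
    for number, raw in enumerate(config_text.splitlines(), 1):
        if not raw.strip().startswith(CMD):
            continue  # other commands and the "no" form are skipped
        try:
            results.append((number, parse_syn_attack(raw)))
        except ValueError as err:
            results.append((number, str(err)))
    return results

# Constructed sample lines (documentation address ranges), not from the manual.
SAMPLE = """\
security-suite dos syn-attack 199 any
security-suite dos syn-attack 500 192.0.2.77 /24
security-suite dos syn-attack 250 198.51.100.10 255.255.255.0
security-suite dos syn-attack 300 203.0.113.5
security-suite dos syn-attack 50 any
"""
```

Calling audit(SAMPLE) returns the effective destination network for the first four lines and an error string for the last one, whose rate is below the documented minimum.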
