Cisco 500 series Administration Manual page 332

Stackable managed switch

Configuring Security
Denial of Service Prevention
Cisco 500 Series Stackable Managed Switch Administration Guide
Denial of Service Security Suite Settings

NOTE Before activating DoS Prevention, you must unbind all Access Control Lists (ACLs) or advanced QoS policies that are bound to a port. ACL and advanced QoS policies are not active when a port has DoS Protection enabled on it.

To configure DoS Prevention global settings and monitor SCT:

STEP 1 Click Security > Denial of Service Prevention > Security Suite Settings. The Security Suite Settings displays.

CPU Protection Mechanism: Enabled indicates that SCT is enabled.

STEP 2 Click Details beside CPU Utilization to enable viewing CPU resource utilization information.

STEP 3 Select DoS Prevention to enable the feature.
- Disable—Disable the feature.
- System-Level Prevention—Enable that part of the feature that prevents attacks from Stacheldraht Distribution, Invasor Trojan, and Back Orifice Trojan.

STEP 4 If System-Level Prevention or System-Level and Interface-Level Prevention is selected, enable one or more of the following DoS Prevention options:
- Stacheldraht Distribution—Discards TCP packets with source TCP port equal to 16660.
- Invasor Trojan—Discards TCP packets with destination TCP port equal to 2140 and source TCP port equal to 1024.
- Back Orifice Trojan—Discards UDP packets with destination UDP port equal to 31337 and source UDP port equal to 1024.

STEP 5 Click Apply. The Denial of Service prevention Security Suite settings are written to the Running Configuration file.

If Interface-Level Prevention is selected, click the appropriate Edit button to configure the desired prevention.
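
The three system-level options above match on protocol and port numbers only. The following Python code is an added example, not part of the Cisco guide: it applies the same match conditions to raw IPv4 packets, for instance to check captured traffic for packets the feature would discard. The function names and the sample packets are constructed for illustration.

```python
import struct

# Match conditions as listed in the guide:
# (name, IP protocol number, source port, destination port); None means "any".
RULES = [
    ("Stacheldraht Distribution", 6, 16660, None),
    ("Invasor Trojan", 6, 1024, 2140),
    ("Back Orifice Trojan", 17, 1024, 31337),
]

def parse_ports(packet: bytes):
    """Return (protocol, src_port, dst_port) of a raw IPv4 TCP/UDP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4          # header length varies with IP options
    proto = packet[9]
    if ihl < 20 or len(packet) < ihl + 4 or proto not in (6, 17):
        return None
    # Non-first fragments carry no TCP/UDP header, so no ports can be read.
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None
    src, dst = struct.unpack("!HH", packet[ihl:ihl + 4])
    return proto, src, dst

def matching_rule(packet: bytes):
    """Name of the first rule whose conditions the packet meets, or None."""
    parsed = parse_ports(packet)
    if parsed is None:
        return None
    proto, src, dst = parsed
    for name, r_proto, r_src, r_dst in RULES:
        if proto == r_proto and r_src in (None, src) and r_dst in (None, dst):
            return name
    return None

def build_ipv4(proto, src_port, dst_port, options=b""):
    """Constructed sample packet; options length must be a multiple of 4 bytes."""
    l4 = struct.pack("!HH", src_port, dst_port) + b"\x00" * 4
    header = struct.pack("!BBHHHBBH4s4s", 0x40 | (5 + len(options) // 4), 0,
                         20 + len(options) + len(l4), 0, 0, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return header + options + l4

if __name__ == "__main__":
    for args in [(6, 16660, 80), (6, 1024, 2140), (17, 1024, 31337), (17, 1025, 31337)]:
        print(args, "->", matching_rule(build_ipv4(*args)))
```

Because the conditions are port numbers alone, any packet carrying those ports matches, whatever its payload.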