Table of Contents
Advertisement
Quality of Service (QoS) Commands
78-20269-01 Command Line Interface Reference Guide
Since the hardware rate limiting counts bytes, it is assumed that the size of "SYN"
packets is short.
Example
The following example attempts to rate limit DoS SYN attacks on a port. It fails
because security suite is enabled globally and not per interface.
Console(config)#
security-suite enable global-rules-only
Console(config)#
interface
Console(config-if)#
To perform this command, DoS Prevention must be enabled in the per-interface mode.
41.46 security-suite deny martian-addresses
Use the security-suite deny martian-addresses Global Configuration mode
command to deny packets containing system-reserved IP addresses or
user-defined IP addresses.
Syntax
security-suite deny martian-addresses
remove {ip-address {mask | /prefix-length}}
addresses)
security-suite deny martian-addresses
system-reserved IP addresses, see tables below)
no security-suite deny martian-addresses ( This command removes addresses
reserved by security-suite deny martian-addresses
/prefix-length}} | remove {ip-address {mask | /prefix-length}},
entries added by the user.
The user can remove a specific entry by using remove
/prefix-length}
parameter.
There is no no form of the security-suite deny martian-addresses
remove}
command. Use instead the security-suite deny martian-addresses
remove
reserved
command to remove protection (and free up hardware
resources).
gi1
security-suite dos syn-attack
{add {ip-address {mask | /prefix-length}} |
reserved {add | remove} (
199
any
/10
(
Add/remove user-specified IP
Add/remove
{add {ip-address {mask |
and removes all
ip-address {mask |
reserved {add |
41
604
Advertisement
Table of Contents
