Configuring DoS Prevention - Cisco 500 Series Administration Manual

The DoS Prevention feature is disabled by default.
SYN-FIN protection is enabled by default (even if DoS Prevention is
disabled).
If SYN protection is enabled, the default protection mode is Block and
Report. The default threshold is 30 SYN packets per second.
All other DoS Prevention features are disabled by default.
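
To make the defaults above concrete, the following added example (not from the Cisco guide, and not the switch's actual algorithm) counts connection-opening SYN packets against the default threshold of 30 per second and separately flags packets that have both SYN and FIN set. The per-interface one-second windows, the strictly-greater-than comparison, the interface names and the packet records are assumptions constructed for illustration.

```python
from collections import Counter

# TCP flag bits as they appear in the TCP header flags byte.
FIN, SYN, ACK = 0x01, 0x02, 0x10
DEFAULT_THRESHOLD = 30  # SYN packets per second (default stated on the page)


def evaluate(packets, threshold=DEFAULT_THRESHOLD):
    """packets: iterable of (timestamp_seconds, interface, tcp_flags).

    Returns (synfin, over):
      synfin - (timestamp, interface) of packets with SYN and FIN both set
      over   - {(interface, second): syn_count} for windows above threshold
    """
    synfin = []
    syn_per_window = Counter()
    for ts, iface, flags in packets:
        if flags & SYN and flags & FIN:
            # SYN+FIN is not a valid combination; flag it, do not count it.
            synfin.append((ts, iface))
            continue
        if flags & SYN and not flags & ACK:
            # Connection-opening SYN only (SYN-ACK replies are ignored).
            # Assumption: counted per interface in one-second windows.
            syn_per_window[(iface, int(ts))] += 1
    over = {w: n for w, n in syn_per_window.items() if n > threshold}
    return synfin, over


def sample_traffic():
    """Constructed sample: 45 SYNs on gi1 and 10 SYNs on gi2 in second 100,
    plus one SYN-FIN packet and one SYN-ACK on gi2."""
    pkts = [(100 + i / 45, "gi1", SYN) for i in range(45)]
    pkts += [(100 + i / 10, "gi2", SYN) for i in range(10)]
    pkts += [(100.5, "gi2", SYN | FIN), (100.6, "gi2", SYN | ACK)]
    return pkts


if __name__ == "__main__":
    synfin, over = evaluate(sample_traffic())
    for ts, iface in synfin:
        print(f"SYN-FIN packet on {iface} at t={ts}")
    for (iface, second), n in sorted(over.items()):
        print(f"{iface}: {n} SYN packets in second {second} "
              f"(threshold {DEFAULT_THRESHOLD}): block and report")
```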

Configuring DoS Prevention

The following pages are used to configure this feature.
Security Suite Settings
NOTE  Before activating DoS Prevention, you must unbind all Access Control Lists (ACLs)
or advanced QoS policies that are bound to a port. ACL and advanced QoS policies
are not active when a port has DoS Protection enabled on it.
To configure DoS Prevention global settings and monitor SCT:
STEP 1  Click Security > Denial of Service Prevention > Security Suite Settings. The
Security Suite Settings page displays.
CPU Protection Mechanism: Enabled indicates that SCT is enabled.
STEP 2  Click Details beside CPU Utilization to go to the CPU Utilization page and view
CPU resource utilization information.
STEP 3  Click Edit beside TCP SYN Protection to go to the SYN Protection page and
enable this feature.
STEP 4  Select DoS Prevention to enable the feature.
  • Disable—Disable the feature.
  • System-Level Prevention—Enable that part of the feature that prevents
    attacks from Stacheldraht Distribution, Invasor Trojan, and Back Orifice
    Trojan.
  • System-Level and Interface-Level Prevention—Enable that part of the
    feature that prevents attacks from Stacheldraht Distribution, Invasor Trojan,
    and Back Orifice Trojan.
STEP 5  If System-Level Prevention or System-Level and Interface-Level Prevention is
selected, enable one or more of the following DoS Prevention options:
Cisco 500 Series Stackable Managed Switch Administration Guide
Security
Denial of Service Prevention
