Dos Prevention Commands; Config Dos_Prevention Dos_Type - D-Link DES-1210-52/ME Cli Reference Manual

L2 managed metro ethernet switch
Hide thumbs Also See for DES-1210-52/ME:
Table of Contents

Advertisement

The DoS Prevention commands in the Command Line Interface (CLI) are listed (along with the
appropriate parameters) in the following table.
Command
config dos_prevention
dos_type
show dos_prevention
enable dos_prevention
trap_log
disable dos_prevention
trap_log
Each command is listed in detail, as follows:

config dos_prevention dos_type

Purpose
Syntax
Description
Parameters
DES-1210-52/ME L2 Metro Ethernet Switch CLI Reference Guide

DOS PREVENTION COMMANDS

Parameter
[ {land_attack | blat_attack | smurf_attack | tcp_null_scan | tcp_xmascan |
tcp_synfin | tcp_syn_srcport_less_1024} | all] {action [ drop | mirror <port>
{priority <value (0-7)> | rx_rate [ no_limit | <value (64-1024000)> ] } ] | state
[enable | disable] ] }
{ land_attack | blat_attack | smurf_attack | tcp_null_scan | tcp_xmascan |
tcp_synfin | tcp_syn_srcport_less_1024 }
Used to discard the L3 control packets sent to CPU from specific
ports.
config dos_prevention dos_type [ {land_attack | blat_attack |
smurf_attack | tcp_null_scan | tcp_xmascan | tcp_synfin |
tcp_syn_srcport_less_1024} | all] {action [ drop | mirror <port>
{priority <value (0-7)> | rx_rate [ no_limit | <value (64-
1024000)> ] } ] | state [enable | disable] ] }
The config dos_prevention dos_type command is used to
configure the prevention of DoS attacks, and includes state and
action. The packets matching will be used by the hardware. For a
specific type of attack, the content of the packet, regardless of the
receipt port or destination port, will be matched against a specific
pattern.
The type of DoS attack. Possible values are as follows:
land_attack, blat_attack, smurf_attack, tcp_null_scan, tcp_xmascan
tcp_synfin and tcp_syn_srcport_less_1024.
By default, prevention for all types of DoS are enabled except for
tcp_syn_srcport_less_1024.
action [drop | mirror] - When enabling DoS prevention, the following
actions can be taken.
drop – Drop the attack packets.
mirror – Mirror the packet to other port for further process.
priority <value (0-7)> – Change packet priority by the Switch from 0
to 7.
If the priority is not specified, the original priority will be used.
51
10

Hide quick links:

Advertisement

Table of Contents
loading

Table of Contents